General

  • Target

    JaffaCakes118_77f07130a1a1e139d38098a08eb60ca6

  • Size

    413KB

  • Sample

    250315-z1vrcaxls2

  • MD5

    77f07130a1a1e139d38098a08eb60ca6

  • SHA1

    b4d023b269997d5fde4ed57062ba0ac015b842d7

  • SHA256

    43c403672569210009fecc53485fc708f8abb3b22dc0c87cf41885c566b84698

  • SHA512

    d0d11bbb45b79dd45e1fced8ec2d12210d67d0175cc3f0514a85b70243f60aa75cfc0be93b15e53ac922141700f0a0025f71306a0f1cbdbdb8b10a7c3ef9f04f

  • SSDEEP

    12288:H4uPACtBKeUratKjtV6hzJGaJMqnJQ+qf/Daz2oS:YuPA8KentKjtV4zBGqnJQ+qu

Malware Config

Targets

    • Target

      JaffaCakes118_77f07130a1a1e139d38098a08eb60ca6

    • Size

      413KB

    • MD5

      77f07130a1a1e139d38098a08eb60ca6

    • SHA1

      b4d023b269997d5fde4ed57062ba0ac015b842d7

    • SHA256

      43c403672569210009fecc53485fc708f8abb3b22dc0c87cf41885c566b84698

    • SHA512

      d0d11bbb45b79dd45e1fced8ec2d12210d67d0175cc3f0514a85b70243f60aa75cfc0be93b15e53ac922141700f0a0025f71306a0f1cbdbdb8b10a7c3ef9f04f

    • SSDEEP

      12288:H4uPACtBKeUratKjtV6hzJGaJMqnJQ+qf/Daz2oS:YuPA8KentKjtV4zBGqnJQ+qu

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks