General

  • Target

    JaffaCakes118_77d47e54c705ce247be9c990a64bc80b

  • Size

    190KB

  • Sample

    250315-zcnm5awns7

  • MD5

    77d47e54c705ce247be9c990a64bc80b

  • SHA1

    1300ee5b33180a8f9ff48924368b49181f617c51

  • SHA256

    dfb77e1cebb8a3e4b71cdd8ddd9b34c6375b76097df9ccc249ae95670a92d8e2

  • SHA512

    b17d97516a162f7298a40ef89a87bff8cde4f8f6e5d8939a5e6e4cbf4dc047431bebb8b03d80a16a2c22ed07da787e0d8bbde92cd2e87ab4090767087bd7bba8

  • SSDEEP

    3072:maLHwNmVCnVZyfu9u6d0hnTGtgi37uL9YVkkNxj4N4UAYvX3zO6a+paKY:brwmmVCu9hd0hnitn7u6ku1w4UDy6ayY

Malware Config

Targets

    • Target

      JaffaCakes118_77d47e54c705ce247be9c990a64bc80b

    • Size

      190KB

    • MD5

      77d47e54c705ce247be9c990a64bc80b

    • SHA1

      1300ee5b33180a8f9ff48924368b49181f617c51

    • SHA256

      dfb77e1cebb8a3e4b71cdd8ddd9b34c6375b76097df9ccc249ae95670a92d8e2

    • SHA512

      b17d97516a162f7298a40ef89a87bff8cde4f8f6e5d8939a5e6e4cbf4dc047431bebb8b03d80a16a2c22ed07da787e0d8bbde92cd2e87ab4090767087bd7bba8

    • SSDEEP

      3072:maLHwNmVCnVZyfu9u6d0hnTGtgi37uL9YVkkNxj4N4UAYvX3zO6a+paKY:brwmmVCu9hd0hnitn7u6ku1w4UDy6ayY

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks