blackshades | 4f8d7a281594177b09abe8d9fdb7eab00c6d19466313486323222c6b22007e25 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...eb.exe

windows7-x64

JaffaCakes...eb.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_131ed0b98ee2c1933efdad3de1b51aeb
Size

600KB
Sample

250123-de5hrsymet
MD5

131ed0b98ee2c1933efdad3de1b51aeb
SHA1

fcd38692f17e9435ed45ff833fb36d153edb7cc8
SHA256

4f8d7a281594177b09abe8d9fdb7eab00c6d19466313486323222c6b22007e25
SHA512

2dcaa624f8734e1c9c5061937c926196d04d39ed636a71c09ab80768cff28e0440e678f0e904dd876d484683410acd5da7cdb808fd689eebfda08c331fc335bc
SSDEEP

6144:rd5VDNwVBSS7Id4w5wLIoKhPBLXYpE4WfUnEkx6k1C14b2y:LVTScd48wUhhXYupu6k1CO

Score

10^/10

blackshades latentbot defense_evasion discovery persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_131ed0b98ee2c1933efdad3de1b51aeb.exe

Resource

win7-20240903-en

blackshades latentbot defense_evasion discovery persistence rat trojan upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_131ed0b98ee2c1933efdad3de1b51aeb.exe

Resource

win10v2004-20241007-en

blackshades discovery rat upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

1xxxdarkxxx.zapto.org

2xxxdarkxxx.zapto.org

3xxxdarkxxx.zapto.org

4xxxdarkxxx.zapto.org

5xxxdarkxxx.zapto.org

6xxxdarkxxx.zapto.org

7xxxdarkxxx.zapto.org

8xxxdarkxxx.zapto.org

Targets

- Target
  
  JaffaCakes118_131ed0b98ee2c1933efdad3de1b51aeb
- Size
  
  600KB
- MD5
  
  131ed0b98ee2c1933efdad3de1b51aeb
- SHA1
  
  fcd38692f17e9435ed45ff833fb36d153edb7cc8
- SHA256
  
  4f8d7a281594177b09abe8d9fdb7eab00c6d19466313486323222c6b22007e25
- SHA512
  
  2dcaa624f8734e1c9c5061937c926196d04d39ed636a71c09ab80768cff28e0440e678f0e904dd876d484683410acd5da7cdb808fd689eebfda08c331fc335bc
- SSDEEP
  
  6144:rd5VDNwVBSS7Id4w5wLIoKhPBLXYpE4WfUnEkx6k1C14b2y:LVTScd48wUhhXYupu6k1CO
Score

10^/10

blackshades latentbot defense_evasion discovery persistence rat trojan upx
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Modifies firewall policy service
  defense_evasion
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadeslatentbotdefense_evasiondiscoverypersistencerattrojanupx

behavioral2

blackshadesdiscoveryratupx

© 2018-2025

Terms | Privacy