blackshades | 4f94ecfe1d596098b3d38e61bffc84331d21ce404007b61f561640a86773f4ed | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...90.exe

windows7-x64

JaffaCakes...90.exe

windows10-2004-x64

JaffaCakes...90.exe

android-9-x86

JaffaCakes...90.exe

android-13-x64

JaffaCakes...90.exe

macos-10.15-amd64

JaffaCakes...90.exe

ubuntu-18.04-amd64

JaffaCakes...90.exe

debian-9-armhf

JaffaCakes...90.exe

debian-9-mips

JaffaCakes...90.exe

debian-9-mipsel

Resubmissions

27-01-2025 01:55

250127-ccmdqswkek 10

27-01-2025 01:51

250127-b9tzeawjdm 10

27-01-2025 01:43

250127-b479vavphl 10

Sharing

General

Target

JaffaCakes118_3ae9b6814b4e53dfb362d10b7af5a490
Size

499KB
Sample

250127-b9tzeawjdm
MD5

3ae9b6814b4e53dfb362d10b7af5a490
SHA1

585d5c4e2c624b906137b9ea47664b2dea5de2cf
SHA256

4f94ecfe1d596098b3d38e61bffc84331d21ce404007b61f561640a86773f4ed
SHA512

b6002661ae17d5228c8b9cf88ddeb1080ecfef0fe99c2297a827699118cbc853600fad743617c123502900d99c8be0b02d2d61116a01f0ebf9a598c1353e951e
SSDEEP

6144:R/SuZXvFCbIE63YF3bUqlA7U/ysk5ypO/LIGNIb8BgkRqW2bRjtlL4DQ8yZoM2Yv:xSQKF3bUqC4BkqOsGNc8B3RqxP8QLp

Score

10^/10

blackshades android defense_evasion discovery linux macos persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_3ae9b6814b4e53dfb362d10b7af5a490.exe

Resource

win7-20240903-en

blackshades defense_evasion discovery persistence rat

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_3ae9b6814b4e53dfb362d10b7af5a490.exe

Resource

win10v2004-20241007-en

blackshades defense_evasion discovery persistence rat

windows10-2004-x64

13 signatures

300 seconds

Behavioral task

behavioral3

Sample

JaffaCakes118_3ae9b6814b4e53dfb362d10b7af5a490.exe

Resource

android-x86-arm-20240624-en

android-9-x86

0 signatures

300 seconds

Behavioral task

behavioral4

Sample

JaffaCakes118_3ae9b6814b4e53dfb362d10b7af5a490.exe

Resource

android-33-x64-arm64-20240624-en

android-13-x64

0 signatures

300 seconds

Behavioral task

behavioral5

Sample

JaffaCakes118_3ae9b6814b4e53dfb362d10b7af5a490.exe

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

300 seconds

Behavioral task

behavioral6

Sample

JaffaCakes118_3ae9b6814b4e53dfb362d10b7af5a490.exe

Resource

ubuntu1804-amd64-20240508-en

ubuntu-18.04-amd64

0 signatures

300 seconds

Behavioral task

behavioral7

Sample

JaffaCakes118_3ae9b6814b4e53dfb362d10b7af5a490.exe

Resource

debian9-armhf-20240418-en

debian-9-armhf

0 signatures

300 seconds

Behavioral task

behavioral8

Sample

JaffaCakes118_3ae9b6814b4e53dfb362d10b7af5a490.exe

Resource

debian9-mipsbe-20240611-en

debian-9-mips

0 signatures

300 seconds

Behavioral task

behavioral9

Sample

JaffaCakes118_3ae9b6814b4e53dfb362d10b7af5a490.exe

Resource

debian9-mipsel-20240226-en

debian-9-mipsel

0 signatures

300 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_3ae9b6814b4e53dfb362d10b7af5a490
- Size
  
  499KB
- MD5
  
  3ae9b6814b4e53dfb362d10b7af5a490
- SHA1
  
  585d5c4e2c624b906137b9ea47664b2dea5de2cf
- SHA256
  
  4f94ecfe1d596098b3d38e61bffc84331d21ce404007b61f561640a86773f4ed
- SHA512
  
  b6002661ae17d5228c8b9cf88ddeb1080ecfef0fe99c2297a827699118cbc853600fad743617c123502900d99c8be0b02d2d61116a01f0ebf9a598c1353e951e
- SSDEEP
  
  6144:R/SuZXvFCbIE63YF3bUqlA7U/ysk5ypO/LIGNIb8BgkRqW2bRjtlL4DQ8yZoM2Yv:xSQKF3bUqC4BkqOsGNc8B3RqxP8QLp
Score

10^/10

blackshades defense_evasion discovery persistence rat
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7 behavioral8 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoverypersistencerat

behavioral2

blackshadesdefense_evasiondiscoverypersistencerat

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

© 2018-2025

Terms | Privacy