blackshades | 23f41bfbe3589b4e2a980871362fffd09fbb2eacf64886d077a9133b257242d5 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...53.exe

windows7-x64

JaffaCakes...53.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_3cf88ff451eac767feaa623f8239a853
Size

440KB
Sample

250127-hk611axmel
MD5

3cf88ff451eac767feaa623f8239a853
SHA1

2bd84c57918557cf9fd249ac8f033844764926e8
SHA256

23f41bfbe3589b4e2a980871362fffd09fbb2eacf64886d077a9133b257242d5
SHA512

8eee85a46e7e59f539467981aa959ae900088cb3f3127b0f3a3c2d04cac5d0967efadc8034afe53376208fbe4620a77c87fa70896b53affb2747de18e73081ac
SSDEEP

12288:1j+j40jgkgggp61Pv4V2o99mUwHEqZiufhvy1T2GR:Z0Zgggp61PQ9wUWNU8yj

Score

10^/10

blackshades defense_evasion discovery persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_3cf88ff451eac767feaa623f8239a853.exe

Resource

win7-20240729-en

blackshades defense_evasion discovery persistence rat

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_3cf88ff451eac767feaa623f8239a853.exe

Resource

win10v2004-20241007-en

blackshades defense_evasion discovery persistence rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_3cf88ff451eac767feaa623f8239a853
- Size
  
  440KB
- MD5
  
  3cf88ff451eac767feaa623f8239a853
- SHA1
  
  2bd84c57918557cf9fd249ac8f033844764926e8
- SHA256
  
  23f41bfbe3589b4e2a980871362fffd09fbb2eacf64886d077a9133b257242d5
- SHA512
  
  8eee85a46e7e59f539467981aa959ae900088cb3f3127b0f3a3c2d04cac5d0967efadc8034afe53376208fbe4620a77c87fa70896b53affb2747de18e73081ac
- SSDEEP
  
  12288:1j+j40jgkgggp61Pv4V2o99mUwHEqZiufhvy1T2GR:Z0Zgggp61PQ9wUWNU8yj
Score

10^/10

blackshades defense_evasion discovery persistence rat
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoverypersistencerat

behavioral2

blackshadesdefense_evasiondiscoverypersistencerat

© 2018-2025

Terms | Privacy