blackshades | ca1fd7ccc5cc3440b10630643e584b8a49da646d6f04cfb6152d0469e6cad8d1 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...a6.exe

windows7-x64

5

JaffaCakes...a6.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_46a691951f5509444b7363de172c85a6
Size

414KB
Sample

250128-ekz1xaxjfk
MD5

46a691951f5509444b7363de172c85a6
SHA1

079d2992775d148f4218e8fe2faef0f0ec2397c2
SHA256

ca1fd7ccc5cc3440b10630643e584b8a49da646d6f04cfb6152d0469e6cad8d1
SHA512

961ce26c66a38507f9610bf51c55f61879918c2f42da669acedcd3e69c8387b2f6b0388b4e0577b3374100308e5b213bd1fd712eb71647995fbab3e9a629c4fb
SSDEEP

12288:03v6CfAjsFcHQYwod+C6maA+NQ4hZdxZur:0CwAQFc5d+Tv24ndxIr

Score

10^/10

blackshades defense_evasion discovery rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_46a691951f5509444b7363de172c85a6.exe

Resource

win7-20240729-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_46a691951f5509444b7363de172c85a6.exe

Resource

win10v2004-20250129-en

blackshades defense_evasion discovery rat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_46a691951f5509444b7363de172c85a6
- Size
  
  414KB
- MD5
  
  46a691951f5509444b7363de172c85a6
- SHA1
  
  079d2992775d148f4218e8fe2faef0f0ec2397c2
- SHA256
  
  ca1fd7ccc5cc3440b10630643e584b8a49da646d6f04cfb6152d0469e6cad8d1
- SHA512
  
  961ce26c66a38507f9610bf51c55f61879918c2f42da669acedcd3e69c8387b2f6b0388b4e0577b3374100308e5b213bd1fd712eb71647995fbab3e9a629c4fb
- SSDEEP
  
  12288:03v6CfAjsFcHQYwod+C6maA+NQ4hZdxZur:0CwAQFc5d+Tv24ndxIr
Score

10^/10

discovery upx blackshades defense_evasion rat trojan
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Checks whether UAC is enabled
  defense_evasion trojan
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

blackshadesdefense_evasiondiscoveryrattrojanupx

© 2018-2025

Terms | Privacy