blackshades | 33d86fd0d6f415ba941ab13ffeead05ba8ee2126f610882d295bbc0030df4db2 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...5f.exe

windows7-x64

JaffaCakes...5f.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_46aeb5d0ce90d9e9df9bb7e681c2435f
Size

224KB
Sample

250128-emxzbsxkal
MD5

46aeb5d0ce90d9e9df9bb7e681c2435f
SHA1

6773370fbc28321c350c0d102de358c2b21e418f
SHA256

33d86fd0d6f415ba941ab13ffeead05ba8ee2126f610882d295bbc0030df4db2
SHA512

de876be2957651856869d753628efc97bd13a8c724201ab67e95525affc496ab71deb8b1e55bf32918f946ef12c0682ba764698510b47a785447c9129bdae882
SSDEEP

6144:Md2Y5nGoT1LseAoGIwEq8J3xLwLId1RB:Md2Y4oTFOIfRJxLoIdvB

Score

10^/10

blackshades defense_evasion discovery persistence rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_46aeb5d0ce90d9e9df9bb7e681c2435f.exe

Resource

win7-20240708-en

blackshades defense_evasion discovery persistence rat upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_46aeb5d0ce90d9e9df9bb7e681c2435f.exe

Resource

win10v2004-20250129-en

blackshades defense_evasion discovery persistence rat upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_46aeb5d0ce90d9e9df9bb7e681c2435f
- Size
  
  224KB
- MD5
  
  46aeb5d0ce90d9e9df9bb7e681c2435f
- SHA1
  
  6773370fbc28321c350c0d102de358c2b21e418f
- SHA256
  
  33d86fd0d6f415ba941ab13ffeead05ba8ee2126f610882d295bbc0030df4db2
- SHA512
  
  de876be2957651856869d753628efc97bd13a8c724201ab67e95525affc496ab71deb8b1e55bf32918f946ef12c0682ba764698510b47a785447c9129bdae882
- SSDEEP
  
  6144:Md2Y5nGoT1LseAoGIwEq8J3xLwLId1RB:Md2Y4oTFOIfRJxLoIdvB
Score

10^/10

blackshades defense_evasion discovery persistence rat upx
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoverypersistenceratupx

behavioral2

blackshadesdefense_evasiondiscoverypersistenceratupx

© 2018-2025

Terms | Privacy