blackshades | 422bc3be6b70dd7785780738ce03ca2a4483cb85bcfc4543bc056b9dd32b9a34 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...c8.exe

windows7-x64

JaffaCakes...c8.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_55407673b4b0f8e4b70f84e023e6c5c8
Size

636KB
Sample

250129-ldws8ssjdr
MD5

55407673b4b0f8e4b70f84e023e6c5c8
SHA1

8d8d3cf881ab164a82607aab62c10500c7a6c94f
SHA256

422bc3be6b70dd7785780738ce03ca2a4483cb85bcfc4543bc056b9dd32b9a34
SHA512

4cc32dd8951832d2d278e20013be15c0859ef41ec1f6318aa7832e8184ba5be37a7f85c5daa330df2ddaf01142c16e21fc828b4a47c89d9ab71de9e34c2b2511
SSDEEP

12288:rqeIFfwruh1+087bqqPimMDltarvgjn7V+9yaEll:2ejrAEB3M3Wv+7M9ql

Score

10^/10

blackshades latentbot defense_evasion discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_55407673b4b0f8e4b70f84e023e6c5c8.exe

Resource

win7-20240903-en

blackshades latentbot defense_evasion discovery rat trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_55407673b4b0f8e4b70f84e023e6c5c8.exe

Resource

win10v2004-20250129-en

blackshades latentbot defense_evasion discovery rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

rscashmoneyheros.zapto.org

Targets

- Target
  
  JaffaCakes118_55407673b4b0f8e4b70f84e023e6c5c8
- Size
  
  636KB
- MD5
  
  55407673b4b0f8e4b70f84e023e6c5c8
- SHA1
  
  8d8d3cf881ab164a82607aab62c10500c7a6c94f
- SHA256
  
  422bc3be6b70dd7785780738ce03ca2a4483cb85bcfc4543bc056b9dd32b9a34
- SHA512
  
  4cc32dd8951832d2d278e20013be15c0859ef41ec1f6318aa7832e8184ba5be37a7f85c5daa330df2ddaf01142c16e21fc828b4a47c89d9ab71de9e34c2b2511
- SSDEEP
  
  12288:rqeIFfwruh1+087bqqPimMDltarvgjn7V+9yaEll:2ejrAEB3M3Wv+7M9ql
Score

10^/10

blackshades latentbot defense_evasion discovery rat trojan
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Modifies firewall policy service
  defense_evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadeslatentbotdefense_evasiondiscoveryrattrojan

behavioral2

blackshadeslatentbotdefense_evasiondiscoveryrattrojan

© 2018-2025

Terms | Privacy