blackshades | f403174c2dcf0b43c2eb338dfcc7b44da183ff36a3563bfbe56edd82e77fb69d | Triage

Sharing

General

Target

JaffaCakes118_60eff1847960a1cc9a05ce3fcc089948
Size

7.8MB
Sample

250130-ksanwaykgm
MD5

60eff1847960a1cc9a05ce3fcc089948
SHA1

edeedf96f8f269371ae8c37bb3be01b35b6da651
SHA256

f403174c2dcf0b43c2eb338dfcc7b44da183ff36a3563bfbe56edd82e77fb69d
SHA512

a7982bc524a091b282569d18253e24d13f4a0db191766a4b8399ee36b3f73f259030e886b7a75f5f05f92ed5a4ce706b0fabedfb3958a22d6133f5ae0248e554
SSDEEP

196608:PPe7CuVqeNECNhxU+E1cDl8sfeXFW4Tov6G9ULgJn:3QlVqyNbUWlbeXg8ovt9U0h

Score

10^/10

blackshades discovery link pdf rat

Malware Config

Targets

- Target
  
  3.8.1/Blackshades NET Setup Tutorial.pdf
- Size
  
  3.2MB
- MD5
  
  9ce4414c839c0e9dce526474530e8d0d
- SHA1
  
  32bc5cf25bb1ff90d576ed6fb476297510fb6d45
- SHA256
  
  1ed267ec56428c7bd2c654ebea6943eb2462738acfcc221da10ff88edadc6772
- SHA512
  
  b35258f0ead5de7baf87cbbb1f9f9719a5f4d48083c0b5e115a3d367f5e53cbda63bdd40ed9a7a4e9f7c20e03d4fa8a5e0be96db20f0c8ae45a39c54828cf1e5
- SSDEEP
  
  98304:2wchRIS2Vx8ElEv21M2jo/BtqG0wuiU/lpd:dcbIS8yQ1M2G6Bt
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  3.8.1/Blackshades NET User Guide.pdf
- Size
  
  1.6MB
- MD5
  
  7753e25cc1afa1bebce1d9264b17e098
- SHA1
  
  ab261a322b6b15e90e08af67a6646cce675469ae
- SHA256
  
  e024e14ccb85b8c59cfc10ee2d9aa867c85e036382363fd8581c97ecaaf10fb4
- SHA512
  
  8f4a6450a71c3caf1baba9653a3cf55d860037a4bb1e54db6bfb7ca12306877871524716c91dc7cf9ad37b43a8b8efc523e2a94b37ead0398cae4bd12e9c00d1
- SSDEEP
  
  24576:MqsmKcB2EeVRZjPDFSFVIOCN1DXjQJZg4XJ2ILbdcSJMknLzMNIQSJa5n59EA9Ew:MqsmKDVRBDSsbog4XJ2wcg/Dc1PENZS
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  3.8.1/client.exe
- Size
  
  2.7MB
- MD5
  
  cfa409084bad8b3929ef5d7b725e5844
- SHA1
  
  5da0778caddf5f717ef0e4ba371c36ab9f610742
- SHA256
  
  eb607101a60fe9c73c01d75dffba67aff1e2654b488b68b4e1c1771080c16b94
- SHA512
  
  811d7310459ae297e4cac655cf495e56ee2ae286ac31a4d25aa64ac45634df63e4d5be54d35c6d69da68fdb9706e3a2b6712472bb08cb605de559294a23d253a
- SSDEEP
  
  49152:H4XM/ICPNGqbP371NSSDK3dIv1RjaqUi8ac9idSwodRP7mBqndoN8xPDqTFraHxD:YXM/IENx7B4TNIvtcQdKQIndu8YF6xD
Score

10^/10

blackshades discovery rat
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  3.8.1/data/CODEJO~1.oca
- Size
  
  379KB
- MD5
  
  928ab3d2ffe0944b9dd8bd648d7042e5
- SHA1
  
  2d8fb97d80fdbfc86c59f89ce49bb0caba118bf9
- SHA256
  
  a8cda184b893f8cce4735b9156b0474543b35f26392ae1bddfa3f4ed4157b98e
- SHA512
  
  5b68167ba0817e1ac65d0ef1f6a3c1fea65fd7d282abf33f4adfd856c1a6007e118e90f23ae7661de70c155d4c7c8c0c0237784fa301bbb8a07d3105f9366994
- SSDEEP
  
  1536:ixgnD+HS/2FJS2JU5WnoNEFBIgj/Fm2UT0/0OM/MDBAmqezB6YiY9U8ht0mHmNMb:iuDAFI2WD2Fjg2UwWiZUY8m0mEMxZ
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  3.8.1/data/CODEJO~2.oca
- Size
  
  17KB
- MD5
  
  25f7cc50f4bbf81ff82c243f20cde0c7
- SHA1
  
  8d075894e6001135e3d85d30907f828b2afb9107
- SHA256
  
  6f44c09546b1f7b44f3025d3e285210d013c42b05cc7aae4849950523787d38e
- SHA512
  
  8487e9d0e68fd7ae568a8145ffba71b408f5debde070d16df5123a77b103a21312ff65bd3aa6de38d2e7fc7dd362a0dbb96851a99d3640d53010ed84ae3e10c0
- SSDEEP
  
  192:YHRJM6KPvZl/QK0aCr8fhvBF28Mp/7DvvOTGFJIGT0wabAhw:X6Knx3w7p/7DvvOTGFJIG8A
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  3.8.1/data/Codejock.Controls.Unicode.v12.0.2.ocx
- Size
  
  1.6MB
- MD5
  
  ec08be364fd4ec034597200c42c04b0a
- SHA1
  
  664748b86d328aeeed350a79d5bbecea1c08ca85
- SHA256
  
  96564b0f3c52ce712bea26de63b4f3e8e9a604e6d240108adfaf1ea9e2d1710b
- SHA512
  
  24b29a39b0749b262928556867ca6552b130483d7af77ab329eec1e7bb5227801a27df67016b1f194462e1d1a786f8e88e77770a9838d63c5bbab489a82b4889
- SSDEEP
  
  49152:K5BcFMF/zJcYBzZIoU8wVh+PXDg3fWMTk/q5AHI:KhTcWc
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  3.8.1/data/Codejock.SkinFramework.v12.0.2.ocx
- Size
  
  513KB
- MD5
  
  d6901189ab414fea205efcfde159b021
- SHA1
  
  15235c6e764b7b0a539662f7514ca932cf8ae26d
- SHA256
  
  20988228480b62d7e905dfb16251f054ed42903de6205ec915493a9b4d9a69c6
- SHA512
  
  74d8c57a9efaa174a81ca3e03bd6fc0b8daf9e7dc3a69cd92cfb3b7115dd52eb74a666643478e01e0a324c2eeed6f97a9632aab211ac563533f62000489e4f07
- SSDEEP
  
  6144:2DNPuIG+c8FXk7odP2+0Ne7D1BWY/83/1pJTBnvunXPemzkzeDeeeeeeeeeeeee2:2DNPuh+cuP2+0Qt783lTZvu/eGWrm
Score

3^/10

discovery
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

blackshadesdiscoveryrat

behavioral6

blackshadesdiscoveryrat

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14