blackshades | 113504093a1ace8cfb36b2238326cf17cb97396a73f4851757e9ee1be2c3a218 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...15.exe

windows7-x64

JaffaCakes...15.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_6432f03039426c687358f9f9c271f915
Size

581KB
Sample

250130-s2t3wavnhx
MD5

6432f03039426c687358f9f9c271f915
SHA1

71f0a33b7b607d078dd5040b106c7e8f4250953c
SHA256

113504093a1ace8cfb36b2238326cf17cb97396a73f4851757e9ee1be2c3a218
SHA512

367f358362ce577ca1504ae2d90d79a6661b99ccb3739db605f332fa9634f0abff88352bfa86added55bd78965fb3f5755e48db63d0664f466f0b47be389bacd
SSDEEP

12288:E5j3mAuTO2R7swDaYeYX++G7nrhM5iZlWN0Il6Utjl:s3mYWYjY

Score

10^/10

blackshades defense_evasion discovery persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_6432f03039426c687358f9f9c271f915.exe

Resource

win7-20240903-en

blackshades defense_evasion discovery persistence rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_6432f03039426c687358f9f9c271f915.exe

Resource

win10v2004-20250129-en

blackshades defense_evasion discovery persistence rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_6432f03039426c687358f9f9c271f915
- Size
  
  581KB
- MD5
  
  6432f03039426c687358f9f9c271f915
- SHA1
  
  71f0a33b7b607d078dd5040b106c7e8f4250953c
- SHA256
  
  113504093a1ace8cfb36b2238326cf17cb97396a73f4851757e9ee1be2c3a218
- SHA512
  
  367f358362ce577ca1504ae2d90d79a6661b99ccb3739db605f332fa9634f0abff88352bfa86added55bd78965fb3f5755e48db63d0664f466f0b47be389bacd
- SSDEEP
  
  12288:E5j3mAuTO2R7swDaYeYX++G7nrhM5iZlWN0Il6Utjl:s3mYWYjY
Score

10^/10

blackshades defense_evasion discovery persistence rat
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoverypersistencerat

behavioral2

blackshadesdefense_evasiondiscoverypersistencerat

© 2018-2025

Terms | Privacy