blackshades | 588b2bdeefdea9998bf5c62cfc69b29180c58860f4b317db573401a4b7bc1b2f | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...9f.exe

windows7-x64

JaffaCakes...9f.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_800dd2aeba8bce13665e587b9efdfe9f
Size

2.9MB
Sample

250202-x56nasvqhy
MD5

800dd2aeba8bce13665e587b9efdfe9f
SHA1

498e0b2057afeecfb5bcca3e840125b5953cc589
SHA256

588b2bdeefdea9998bf5c62cfc69b29180c58860f4b317db573401a4b7bc1b2f
SHA512

307c2503239e543d874cedc6335fc72071c4504591b6223aa74598721e5d861ac07cbcabc785753c182950935c4b5fc68293e2b21d4847e53433e75cf857fe09
SSDEEP

49152:Nepaicm6+rWY73xyPBkmz9xFgosY0WMYQ52Ku:lm6VY73xG6UnTEWkdu

Score

10^/10

blackshades defense_evasion discovery persistence privilege_escalation rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_800dd2aeba8bce13665e587b9efdfe9f.exe

Resource

win7-20241010-en

blackshades defense_evasion discovery persistence privilege_escalation rat

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_800dd2aeba8bce13665e587b9efdfe9f.exe

Resource

win10v2004-20250129-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_800dd2aeba8bce13665e587b9efdfe9f
- Size
  
  2.9MB
- MD5
  
  800dd2aeba8bce13665e587b9efdfe9f
- SHA1
  
  498e0b2057afeecfb5bcca3e840125b5953cc589
- SHA256
  
  588b2bdeefdea9998bf5c62cfc69b29180c58860f4b317db573401a4b7bc1b2f
- SHA512
  
  307c2503239e543d874cedc6335fc72071c4504591b6223aa74598721e5d861ac07cbcabc785753c182950935c4b5fc68293e2b21d4847e53433e75cf857fe09
- SSDEEP
  
  49152:Nepaicm6+rWY73xyPBkmz9xFgosY0WMYQ52Ku:lm6VY73xG6UnTEWkdu
Score

10^/10

blackshades defense_evasion discovery persistence privilege_escalation rat
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Drops startup file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoverypersistenceprivilege_escalationrat

behavioral2

© 2018-2025

Terms | Privacy