Overview

overview

10

Static

static

3

password.exe

windows7-x64

10

password.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_8afb346cbc42bc82e8e531811c2f7494

  • Size

    2.4MB

  • Sample

    250203-v3qsyszkcj

  • MD5

    8afb346cbc42bc82e8e531811c2f7494

  • SHA1

    3cc0c24db628953bf8d57672b75db01040edbd16

  • SHA256

    8a8b2b66ce82b865e2e3c77ab79de55db1e5114a5265cfecdc8e02205056dc9a

  • SHA512

    5fdc7811d3998dae567ddd051ba3c52b4e68faa44d1ca451f737882f19f8d521ff47068ec61bcb17fd53a88800d6527c08b8961c0bab8198be77bc81d390945e

  • SSDEEP

    49152:P++92lgXYr/1OGuMHQTGXt9gr9Q0wafk0FlRmk/xSZmNklRBSl58p:P+pGI5OMHQWY9NP/xSoNkllp

Score
10/10
blackshadesdefense_evasiondiscoverypersistencerat

Malware Config

Targets

    • Target

      password.exe

    • Size

      1.1MB

    • MD5

      fdadef5b0ffdb6fb4b92e94b9d5d0d5f

    • SHA1

      a240fa366f81ae43749f961e75521451e5278847

    • SHA256

      ea149a67bd03ce0925244fc64440de177c267185159bb6c7372598896658da91

    • SHA512

      c61a9279bf636305c3a820c941c3bf40ddd0dba9224bdf8812d9c8b0f9277e6de17dd1f629d5ad46b8a81d5f8633af668acf05b0f5cb3c1e7ddb0a25b097fc95

    • SSDEEP

      12288:3vTBBV98o0/+/mqruvu3YGLoYpse4reBlQAKxCqS1vpdSqmj2aGhYij5aBlkHk+Y:w0pFlQK/dSq4ra5dPf2XN+U

    Score
    10/10
    blackshadesdefense_evasiondiscoverypersistencerat

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

      ratblackshades

    • Blackshades family

      blackshades

    • Blackshades payload

    • Modifies firewall policy service

      defense_evasion

    • Adds policy Run key to start application

      persistence

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks