blackshades | c3bff9a3370b7c6ab0ed9aee5df43728d3ce9308a642ecb9bd2be5c9d312aa9c | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...b9.exe

windows7-x64

JaffaCakes...b9.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_8f34a29b9080309ad1f8971108040ab9
Size

456KB
Sample

250204-dfvd7atrfp
MD5

8f34a29b9080309ad1f8971108040ab9
SHA1

35224f2f1140836122f4e3eff9cdbec7e8127d05
SHA256

c3bff9a3370b7c6ab0ed9aee5df43728d3ce9308a642ecb9bd2be5c9d312aa9c
SHA512

4dc4198dad154e14fb8eaf81e58d6316d8312ae87b9043c9bd7d524926cf2ec40d7fb81d3ae426ff46b581d10dfffd4237ca378708b3145eea21350baf86e453
SSDEEP

12288:qqy6m/BCfGKEQA0cUH2VMCAlMl8Ynnnul7u5GDh9OLJDyiLBHnnnHpEJNOfEDhNF:C6m/BCfGKEQA0cUH2VMCAlrYnnnul7uG

Score

10^/10

blackshades defense_evasion discovery rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_8f34a29b9080309ad1f8971108040ab9.exe

Resource

win7-20241023-en

blackshades defense_evasion discovery rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_8f34a29b9080309ad1f8971108040ab9.exe

Resource

win10v2004-20250129-en

blackshades defense_evasion discovery rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_8f34a29b9080309ad1f8971108040ab9
- Size
  
  456KB
- MD5
  
  8f34a29b9080309ad1f8971108040ab9
- SHA1
  
  35224f2f1140836122f4e3eff9cdbec7e8127d05
- SHA256
  
  c3bff9a3370b7c6ab0ed9aee5df43728d3ce9308a642ecb9bd2be5c9d312aa9c
- SHA512
  
  4dc4198dad154e14fb8eaf81e58d6316d8312ae87b9043c9bd7d524926cf2ec40d7fb81d3ae426ff46b581d10dfffd4237ca378708b3145eea21350baf86e453
- SSDEEP
  
  12288:qqy6m/BCfGKEQA0cUH2VMCAlMl8Ynnnul7u5GDh9OLJDyiLBHnnnHpEJNOfEDhNF:C6m/BCfGKEQA0cUH2VMCAlrYnnnul7uG
Score

10^/10

blackshades defense_evasion discovery rat
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoveryrat

behavioral2

blackshadesdefense_evasiondiscoveryrat

© 2018-2025

Terms | Privacy