blackshades | b7f45652482afc03e11cd174bcc6117beb99e8372570c0103d79797f400c2bfd | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...15.exe

windows7-x64

JaffaCakes...15.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_92c243d54b0b35a07f8da66eebd66d15
Size

497KB
Sample

250204-mebecsvpbl
MD5

92c243d54b0b35a07f8da66eebd66d15
SHA1

8609d3802fc2577186c0eafa087909e9d9bb9a31
SHA256

b7f45652482afc03e11cd174bcc6117beb99e8372570c0103d79797f400c2bfd
SHA512

24ac56070058b06de18c830114617fc60c9f077a6a43efe65bcc93ce3db85391b677f0c0f65c331967a8f5e6539f6cd10656e2571e50dace61d8aeac86f32faf
SSDEEP

12288:XzH/ybHp2y21rWlFEolhfCLyBK9KZ8OeONKrv3+JvbSa:CHp2WlCoOyBKhO2v3IvR

Score

10^/10

blackshades defense_evasion discovery rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_92c243d54b0b35a07f8da66eebd66d15.exe

Resource

win7-20241010-en

blackshades defense_evasion discovery rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_92c243d54b0b35a07f8da66eebd66d15.exe

Resource

win10v2004-20250129-en

blackshades defense_evasion discovery rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_92c243d54b0b35a07f8da66eebd66d15
- Size
  
  497KB
- MD5
  
  92c243d54b0b35a07f8da66eebd66d15
- SHA1
  
  8609d3802fc2577186c0eafa087909e9d9bb9a31
- SHA256
  
  b7f45652482afc03e11cd174bcc6117beb99e8372570c0103d79797f400c2bfd
- SHA512
  
  24ac56070058b06de18c830114617fc60c9f077a6a43efe65bcc93ce3db85391b677f0c0f65c331967a8f5e6539f6cd10656e2571e50dace61d8aeac86f32faf
- SSDEEP
  
  12288:XzH/ybHp2y21rWlFEolhfCLyBK9KZ8OeONKrv3+JvbSa:CHp2WlCoOyBKhO2v3IvR
Score

10^/10

blackshades defense_evasion discovery rat
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoveryrat

behavioral2

blackshadesdefense_evasiondiscoveryrat

© 2018-2025

Terms | Privacy