blackshades | a257c7e31548a76e478e4c9aa50734ad200b0b98d7a93edbc432fe6121a90dd4 | Triage

Submit
Reports

Overview

overview

Static

static

5

JaffaCakes...f8.exe

windows7-x64

JaffaCakes...f8.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_9f76ce9624b562e8d7ea3664f07486f8
Size

688KB
Sample

250205-pa8keaxkgm
MD5

9f76ce9624b562e8d7ea3664f07486f8
SHA1

b798277fcb74093d9ef746df141c60cd7e0bbc8a
SHA256

a257c7e31548a76e478e4c9aa50734ad200b0b98d7a93edbc432fe6121a90dd4
SHA512

bf6d00728c3c86094e612b33356c19ad95055d22c16d9a43ba9d99e7096f827e0822508f85d47715265473f08545702c9024afe41a4b3cefd1729e6bab697c90
SSDEEP

12288:nTHrK5H1KtZVFVcZz8OHXW9etAlyl07KbWbTmsbYUdaimbx9b+NbP2cfkRVy8oS:brK5H18VFJOdl07KsmjUdaP9qVP2cf+y

Score

10^/10

blackshades latentbot defense_evasion discovery persistence rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_9f76ce9624b562e8d7ea3664f07486f8.exe

Resource

win7-20241010-en

blackshades latentbot defense_evasion discovery persistence rat trojan upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_9f76ce9624b562e8d7ea3664f07486f8.exe

Resource

win10v2004-20250129-en

blackshades latentbot defense_evasion discovery persistence rat trojan upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

essstzttztz.zapto.org

Targets

- Target
  
  JaffaCakes118_9f76ce9624b562e8d7ea3664f07486f8
- Size
  
  688KB
- MD5
  
  9f76ce9624b562e8d7ea3664f07486f8
- SHA1
  
  b798277fcb74093d9ef746df141c60cd7e0bbc8a
- SHA256
  
  a257c7e31548a76e478e4c9aa50734ad200b0b98d7a93edbc432fe6121a90dd4
- SHA512
  
  bf6d00728c3c86094e612b33356c19ad95055d22c16d9a43ba9d99e7096f827e0822508f85d47715265473f08545702c9024afe41a4b3cefd1729e6bab697c90
- SSDEEP
  
  12288:nTHrK5H1KtZVFVcZz8OHXW9etAlyl07KbWbTmsbYUdaimbx9b+NbP2cfkRVy8oS:brK5H18VFJOdl07KsmjUdaP9qVP2cf+y
Score

10^/10

blackshades latentbot defense_evasion discovery persistence rat trojan upx
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Modifies firewall policy service
  defense_evasion
- UAC bypass
  defense_evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadeslatentbotdefense_evasiondiscoverypersistencerattrojanupx

behavioral2

blackshadeslatentbotdefense_evasiondiscoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy