blackshades | 35d79d2e603e47430c266f7d6f5aaa84509736384a24aa67410ebc81eec8d022 | Triage

Submit
Reports

Overview

overview

Static

static

5

JaffaCakes...23.exe

windows7-x64

JaffaCakes...23.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_aeb028b47f5b69f82677d46efc6f1d23
Size

901KB
Sample

250206-x81w8awnek
MD5

aeb028b47f5b69f82677d46efc6f1d23
SHA1

e01403f7d203e413bda40495229c3b65be9c206f
SHA256

35d79d2e603e47430c266f7d6f5aaa84509736384a24aa67410ebc81eec8d022
SHA512

86de2a3d34f9d0acdaeecde8dea0a8650f5fa61af4f1bbc823c1f1ff8182db45deba803965e915c78b9b04b0c9a642c99f65e6e4770b4db1b090d9fa06d65b44
SSDEEP

12288:shkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4a3BE4t426i60KjXtweFV:kRmJkcoQricOIQxiZY1ia3BE4a2363h

Score

10^/10

blackshades defense_evasion discovery persistence rat upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_aeb028b47f5b69f82677d46efc6f1d23.exe

Resource

win7-20240903-en

blackshades defense_evasion discovery persistence rat upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_aeb028b47f5b69f82677d46efc6f1d23.exe

Resource

win10v2004-20241007-en

blackshades defense_evasion discovery persistence rat upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_aeb028b47f5b69f82677d46efc6f1d23
- Size
  
  901KB
- MD5
  
  aeb028b47f5b69f82677d46efc6f1d23
- SHA1
  
  e01403f7d203e413bda40495229c3b65be9c206f
- SHA256
  
  35d79d2e603e47430c266f7d6f5aaa84509736384a24aa67410ebc81eec8d022
- SHA512
  
  86de2a3d34f9d0acdaeecde8dea0a8650f5fa61af4f1bbc823c1f1ff8182db45deba803965e915c78b9b04b0c9a642c99f65e6e4770b4db1b090d9fa06d65b44
- SSDEEP
  
  12288:shkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4a3BE4t426i60KjXtweFV:kRmJkcoQricOIQxiZY1ia3BE4a2363h
Score

10^/10

blackshades defense_evasion discovery persistence rat upx
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoverypersistenceratupx

behavioral2

blackshadesdefense_evasiondiscoverypersistenceratupx

© 2018-2025

Terms | Privacy