blackshades | 003238bd9b23c6d5d65508990ff510811fb31e4be39e31ed49a67036b1bb194c | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...7b.exe

windows7-x64

JaffaCakes...7b.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_b44c7f64dcb19079254fa44e4f8a387b
Size

977KB
Sample

250207-hvxkbasrcs
MD5

b44c7f64dcb19079254fa44e4f8a387b
SHA1

873bc662684885172e561657f499db4d5ab963c0
SHA256

003238bd9b23c6d5d65508990ff510811fb31e4be39e31ed49a67036b1bb194c
SHA512

b1dd71220a2e6991f7c887c606d33b7567286a62a9a74633c055625f11e99d3a73397986d100358868c1b24ba0bb6a67c9481bd0a7fd394d5f8acd9cc3ccfa67
SSDEEP

12288:Xpi2L3tJ2FSlRvvm6j7IrUf1wKvp3wL7dEErjRSPphVRFCE0aJA+kPzXs3D9Qgvc:X8y2IvPjErQwOG7dnj+LwaVkrXcD2

Score

10^/10

blackshades cybergate sheik defense_evasion discovery persistence rat stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_b44c7f64dcb19079254fa44e4f8a387b.exe

Resource

win7-20240903-en

blackshades cybergate sheik defense_evasion discovery persistence rat stealer trojan upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_b44c7f64dcb19079254fa44e4f8a387b.exe

Resource

win10v2004-20250129-en

blackshades cybergate sheik defense_evasion discovery rat stealer trojan upx

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

sheik

C2

darksc.zapto.org:615

Mutex

82NOM0L1QVA777

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
SearchIndexer.exe
install_dir
WindDir
install_file
svchost.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Update Successful. Movie should start shortly
message_box_title
Quicktime
password
bigdaddy

Targets

- Target
  
  JaffaCakes118_b44c7f64dcb19079254fa44e4f8a387b
- Size
  
  977KB
- MD5
  
  b44c7f64dcb19079254fa44e4f8a387b
- SHA1
  
  873bc662684885172e561657f499db4d5ab963c0
- SHA256
  
  003238bd9b23c6d5d65508990ff510811fb31e4be39e31ed49a67036b1bb194c
- SHA512
  
  b1dd71220a2e6991f7c887c606d33b7567286a62a9a74633c055625f11e99d3a73397986d100358868c1b24ba0bb6a67c9481bd0a7fd394d5f8acd9cc3ccfa67
- SSDEEP
  
  12288:Xpi2L3tJ2FSlRvvm6j7IrUf1wKvp3wL7dEErjRSPphVRFCE0aJA+kPzXs3D9Qgvc:X8y2IvPjErQwOG7dnj+LwaVkrXcD2
Score

10^/10

blackshades cybergate sheik defense_evasion discovery persistence rat stealer trojan upx
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Modifies firewall policy service
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadescybergatesheikdefense_evasiondiscoverypersistenceratstealertrojanupx

behavioral2

blackshadescybergatesheikdefense_evasiondiscoveryratstealertrojanupx

© 2018-2025

Terms | Privacy