blackshades | e546d6ed8338f3a3424ac287880c7fff9f82884a5336debaab3510c625bb46d5 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

JaffaCakes...df.exe

windows7-x64

JaffaCakes...df.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_08f8c45aea5087b5960330db67049ddf
Size

527KB
Sample

250220-cdvrhawjz9
MD5

08f8c45aea5087b5960330db67049ddf
SHA1

6742f2abd64c50a7b44e4a38ce8d03387a6b8881
SHA256

e546d6ed8338f3a3424ac287880c7fff9f82884a5336debaab3510c625bb46d5
SHA512

e72a6458c4bddb0ecc386b5110728f595fb2d0435f92cf8734dc9c9c06a98bd414fc71620d7c658e5cca1a52b9dfedb5899c3b583be894cdb29d5d1e9f0cb7bb
SSDEEP

12288:TfL0kx263acmYLE1emP3TE/Uxun+qku7m42ACpPbOJuX+k2R+AOx:8kxR3S1JPQ/Uxun+qkWj2ACpPqouk2e

Score

10^/10

blackshades discovery persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_08f8c45aea5087b5960330db67049ddf.exe

Resource

win7-20240903-en

blackshades discovery persistence rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_08f8c45aea5087b5960330db67049ddf.exe

Resource

win10v2004-20250217-en

blackshades discovery persistence rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_08f8c45aea5087b5960330db67049ddf
- Size
  
  527KB
- MD5
  
  08f8c45aea5087b5960330db67049ddf
- SHA1
  
  6742f2abd64c50a7b44e4a38ce8d03387a6b8881
- SHA256
  
  e546d6ed8338f3a3424ac287880c7fff9f82884a5336debaab3510c625bb46d5
- SHA512
  
  e72a6458c4bddb0ecc386b5110728f595fb2d0435f92cf8734dc9c9c06a98bd414fc71620d7c658e5cca1a52b9dfedb5899c3b583be894cdb29d5d1e9f0cb7bb
- SSDEEP
  
  12288:TfL0kx263acmYLE1emP3TE/Uxun+qku7m42ACpPbOJuX+k2R+AOx:8kxR3S1JPQ/Uxun+qkWj2ACpPqouk2e
Score

10^/10

blackshades discovery persistence rat
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdiscoverypersistencerat

behavioral2

blackshadesdiscoverypersistencerat

© 2018-2025

Terms | Privacy