blackshades | 2f9d5e6f06708ae86087d78c44998df48fda4be49c92e008aaa64210eb7f8489 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

JaffaCakes...45.exe

windows7-x64

JaffaCakes...45.exe

windows10-2004-x64

3

Sharing

General

Target

JaffaCakes118_17198e90194f3fd589021ec6cb49d145
Size

427KB
Sample

250222-ef9pjszjt6
MD5

17198e90194f3fd589021ec6cb49d145
SHA1

c4f8406030c9bc3d90fb8356b9433eab29a6eb1b
SHA256

2f9d5e6f06708ae86087d78c44998df48fda4be49c92e008aaa64210eb7f8489
SHA512

58db0709b32575f2ae157626dc338e064bff69076526329825cf315b9bddb63d5b24cbf9b331c16a504bf0644d3169f4dc94e95e54d17609021d9b0256acf430
SSDEEP

12288:KWehNSfG3z3fDrMoxfr2/bOSwRl0UruMZqV5CdVe:KW3fsPEoxYbObRlfrFbe

Score

10^/10

blackshades defense_evasion discovery rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_17198e90194f3fd589021ec6cb49d145.exe

Resource

win7-20241010-en

blackshades defense_evasion discovery rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_17198e90194f3fd589021ec6cb49d145.exe

Resource

win10v2004-20250217-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_17198e90194f3fd589021ec6cb49d145
- Size
  
  427KB
- MD5
  
  17198e90194f3fd589021ec6cb49d145
- SHA1
  
  c4f8406030c9bc3d90fb8356b9433eab29a6eb1b
- SHA256
  
  2f9d5e6f06708ae86087d78c44998df48fda4be49c92e008aaa64210eb7f8489
- SHA512
  
  58db0709b32575f2ae157626dc338e064bff69076526329825cf315b9bddb63d5b24cbf9b331c16a504bf0644d3169f4dc94e95e54d17609021d9b0256acf430
- SSDEEP
  
  12288:KWehNSfG3z3fDrMoxfr2/bOSwRl0UruMZqV5CdVe:KW3fsPEoxYbObRlfrFbe
Score

10^/10

blackshades defense_evasion discovery rat
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoveryrat

behavioral2

© 2018-2025

Terms | Privacy