blackshades | 86e431507f38ada31e45211d943f0cb53a9c452467389d9e82a2251cbb717c06 | Triage

Submit
Reports

Overview

overview

Static

static

3

86e431507f...06.exe

windows7-x64

86e431507f...06.exe

windows10-2004-x64

Sharing

General

Target

86e431507f38ada31e45211d943f0cb53a9c452467389d9e82a2251cbb717c06
Size

1.6MB
Sample

250224-dc6caaznx4
MD5

953c7777f56b3099939d6a50a5ef4d95
SHA1

cb920027dae7b9f56e268440cd29328a2f559cc5
SHA256

86e431507f38ada31e45211d943f0cb53a9c452467389d9e82a2251cbb717c06
SHA512

9b6c31ed6a158d38106d1994f9fcd0874aa8d536e56177f7c8a70000e660b3ef51dbb44f04537a105d223a2a4093b909e4551e99e7fa22f3d223fab838e6d77a
SSDEEP

12288:WB5a3hizhz/o456rn9lkQ8rxQslgBKR1jl9RL9BVnDXLmoIY7Tm+jZFluq9wd4Uo:WkB4tpHlgGjlLHlFoq2d5o

Score

10^/10

blackshades defense_evasion discovery persistence rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

86e431507f38ada31e45211d943f0cb53a9c452467389d9e82a2251cbb717c06.exe

Resource

win7-20240903-en

blackshades defense_evasion discovery persistence rat upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

86e431507f38ada31e45211d943f0cb53a9c452467389d9e82a2251cbb717c06.exe

Resource

win10v2004-20250217-en

blackshades defense_evasion discovery persistence rat upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  86e431507f38ada31e45211d943f0cb53a9c452467389d9e82a2251cbb717c06
- Size
  
  1.6MB
- MD5
  
  953c7777f56b3099939d6a50a5ef4d95
- SHA1
  
  cb920027dae7b9f56e268440cd29328a2f559cc5
- SHA256
  
  86e431507f38ada31e45211d943f0cb53a9c452467389d9e82a2251cbb717c06
- SHA512
  
  9b6c31ed6a158d38106d1994f9fcd0874aa8d536e56177f7c8a70000e660b3ef51dbb44f04537a105d223a2a4093b909e4551e99e7fa22f3d223fab838e6d77a
- SSDEEP
  
  12288:WB5a3hizhz/o456rn9lkQ8rxQslgBKR1jl9RL9BVnDXLmoIY7Tm+jZFluq9wd4Uo:WkB4tpHlgGjlLHlFoq2d5o
Score

10^/10

blackshades defense_evasion discovery persistence rat upx
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoverypersistenceratupx

behavioral2

blackshadesdefense_evasiondiscoverypersistenceratupx

© 2018-2025

Terms | Privacy