blackshades | 69fe9709d0e00c94d1b5580239121bc2fa721886b7502e7b2cd0fe084cec0b5b | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...52.exe

windows7-x64

JaffaCakes...52.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_491fe07d3dc4fadca10c0b9618033352
Size

681KB
Sample

250303-zrp5hayps8
MD5

491fe07d3dc4fadca10c0b9618033352
SHA1

70f3664e714f9008865bd2f0eaad684a06f40c0e
SHA256

69fe9709d0e00c94d1b5580239121bc2fa721886b7502e7b2cd0fe084cec0b5b
SHA512

a5eec84a745dc145fa6f181c0b5f31f0d9522e578efcb900c2f633019fb53886e2e92e2addf33d21b31412690b5a1078852f368e5e1c61c0c952e5bf13f3cea0
SSDEEP

12288:ccVCxviKaXQndUEyE+4F25TdE+k7/0VImFjXN6gmNFfLa+emKkYPFN:ccVCxviKaXQndUEJ+4Iu/mFjXN6DNFTH

Score

10^/10

blackshades defense_evasion discovery persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_491fe07d3dc4fadca10c0b9618033352.exe

Resource

win7-20240903-en

blackshades defense_evasion discovery persistence rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_491fe07d3dc4fadca10c0b9618033352.exe

Resource

win10v2004-20250217-en

blackshades defense_evasion discovery persistence rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_491fe07d3dc4fadca10c0b9618033352
- Size
  
  681KB
- MD5
  
  491fe07d3dc4fadca10c0b9618033352
- SHA1
  
  70f3664e714f9008865bd2f0eaad684a06f40c0e
- SHA256
  
  69fe9709d0e00c94d1b5580239121bc2fa721886b7502e7b2cd0fe084cec0b5b
- SHA512
  
  a5eec84a745dc145fa6f181c0b5f31f0d9522e578efcb900c2f633019fb53886e2e92e2addf33d21b31412690b5a1078852f368e5e1c61c0c952e5bf13f3cea0
- SSDEEP
  
  12288:ccVCxviKaXQndUEyE+4F25TdE+k7/0VImFjXN6gmNFfLa+emKkYPFN:ccVCxviKaXQndUEJ+4Iu/mFjXN6DNFTH
Score

10^/10

blackshades defense_evasion discovery persistence rat
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoverypersistencerat

behavioral2

blackshadesdefense_evasiondiscoverypersistencerat

© 2018-2025

Terms | Privacy