blackshades | 6ea32525bdd7fb538e97a9ec22b4e7e8c4f3d062d04ec64224f19fef3f6b76f4 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...6e.exe

windows7-x64

JaffaCakes...6e.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_51ac72aa5af11079f2c2ca22d0bf036e
Size

2.7MB
Sample

250305-mg3avswthz
MD5

51ac72aa5af11079f2c2ca22d0bf036e
SHA1

babda013a93e16274212ff57c1eef55856594eeb
SHA256

6ea32525bdd7fb538e97a9ec22b4e7e8c4f3d062d04ec64224f19fef3f6b76f4
SHA512

472aee0848f843784375c578a5afc6d3887099ef6e1841fe9bc24923032ec0fabce7ca0a51fac8ffc4f77393c44ec40dcc947ac5d6aa9ef2b334b7cc5e232e5f
SSDEEP

24576:7X1b1wQfjhVGQzqy7fzyW15DjezqzBxxzyVFwYF69Vi4KtftNdmQgfLaO3TE6L6f:Hn8W66KpHQoRDwNQDxn

Score

10^/10

blackshades defense_evasion discovery rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_51ac72aa5af11079f2c2ca22d0bf036e.exe

Resource

win7-20241023-en

blackshades defense_evasion discovery rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_51ac72aa5af11079f2c2ca22d0bf036e.exe

Resource

win10v2004-20250217-en

blackshades defense_evasion discovery rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_51ac72aa5af11079f2c2ca22d0bf036e
- Size
  
  2.7MB
- MD5
  
  51ac72aa5af11079f2c2ca22d0bf036e
- SHA1
  
  babda013a93e16274212ff57c1eef55856594eeb
- SHA256
  
  6ea32525bdd7fb538e97a9ec22b4e7e8c4f3d062d04ec64224f19fef3f6b76f4
- SHA512
  
  472aee0848f843784375c578a5afc6d3887099ef6e1841fe9bc24923032ec0fabce7ca0a51fac8ffc4f77393c44ec40dcc947ac5d6aa9ef2b334b7cc5e232e5f
- SSDEEP
  
  24576:7X1b1wQfjhVGQzqy7fzyW15DjezqzBxxzyVFwYF69Vi4KtftNdmQgfLaO3TE6L6f:Hn8W66KpHQoRDwNQDxn
Score

10^/10

blackshades defense_evasion discovery rat
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoveryrat

behavioral2

blackshadesdefense_evasiondiscoveryrat

© 2018-2025

Terms | Privacy