blackshades | 88a1020816644fd661c2f5b03a69c36af284f800e175522434bac04563f33f4c | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...06.exe

windows7-x64

JaffaCakes...06.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_5450e7c326c04b6f5e7039d68c945306
Size

380KB
Sample

250306-bb59satxaz
MD5

5450e7c326c04b6f5e7039d68c945306
SHA1

99fbe23dd29f6ad71c35be9f049c8f8cf351d180
SHA256

88a1020816644fd661c2f5b03a69c36af284f800e175522434bac04563f33f4c
SHA512

82a614a075d631515963f5ec0486dd28ef6746079e67b572452ce46d48add1db9846dd2e0e84f19e50568a06e7b5a946cbc0a243e14ca59f3fae3051617eb245
SSDEEP

6144:IBzTMcSsDkWU+FGdBc8xOJzS1Z6Ig1dlA82sRLTsBTvb/UCVbHR:7mkW5gBOSD6dd3jZsTT/7

Score

10^/10

blackshades defense_evasion discovery persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_5450e7c326c04b6f5e7039d68c945306.exe

Resource

win7-20240903-en

blackshades defense_evasion discovery persistence rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_5450e7c326c04b6f5e7039d68c945306.exe

Resource

win10v2004-20250217-en

blackshades defense_evasion discovery persistence rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_5450e7c326c04b6f5e7039d68c945306
- Size
  
  380KB
- MD5
  
  5450e7c326c04b6f5e7039d68c945306
- SHA1
  
  99fbe23dd29f6ad71c35be9f049c8f8cf351d180
- SHA256
  
  88a1020816644fd661c2f5b03a69c36af284f800e175522434bac04563f33f4c
- SHA512
  
  82a614a075d631515963f5ec0486dd28ef6746079e67b572452ce46d48add1db9846dd2e0e84f19e50568a06e7b5a946cbc0a243e14ca59f3fae3051617eb245
- SSDEEP
  
  6144:IBzTMcSsDkWU+FGdBc8xOJzS1Z6Ig1dlA82sRLTsBTvb/UCVbHR:7mkW5gBOSD6dd3jZsTT/7
Score

10^/10

blackshades defense_evasion discovery persistence rat
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoverypersistencerat

behavioral2

blackshadesdefense_evasiondiscoverypersistencerat

© 2018-2025

Terms | Privacy