blackshades

General

Target

JaffaCakes118_5a1f0ba6ab69561d7edc58c56c7aca78
Size

763KB
Sample

250309-tz8nxsvqv3
MD5

5a1f0ba6ab69561d7edc58c56c7aca78
SHA1

adf1d995abbfbfe04e08eebcb077af8c63df524f
SHA256

2ae7e0d17d5e8ce730c11a9aa744ac5089e23d9313286da3c27dcee082d6e59f
SHA512

1ab3b5678423c24e768ff7567648e8fae4002a9f9e84617f3b4c8d45b3fa09cc994172dff1fea2d335a6677c02f3860c2e7543346a6c7bad3463d944611c6d52
SSDEEP

12288:a6Wq4aaE6KwyF5L0Y2D1PqLjna3ZxUoJGdKZCsS8+m2W6hGcN1nuevG2MXuE:4thEVaPqL28oJGdfsj+mUhZuL2+

Score

10^/10

Malware Config

Targets

- Target
  
  JaffaCakes118_5a1f0ba6ab69561d7edc58c56c7aca78
- Size
  
  763KB
- MD5
  
  5a1f0ba6ab69561d7edc58c56c7aca78
- SHA1
  
  adf1d995abbfbfe04e08eebcb077af8c63df524f
- SHA256
  
  2ae7e0d17d5e8ce730c11a9aa744ac5089e23d9313286da3c27dcee082d6e59f
- SHA512
  
  1ab3b5678423c24e768ff7567648e8fae4002a9f9e84617f3b4c8d45b3fa09cc994172dff1fea2d335a6677c02f3860c2e7543346a6c7bad3463d944611c6d52
- SSDEEP
  
  12288:a6Wq4aaE6KwyF5L0Y2D1PqLjna3ZxUoJGdKZCsS8+m2W6hGcN1nuevG2MXuE:4thEVaPqL28oJGdfsj+mUhZuL2+
Score

10^/10

blackshades defense_evasion discovery execution persistence rat trojan upx
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- UAC bypass
  defense_evasion trojan
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Stops running service(s)
  defense_evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2