blackshades | df1bf8af7030dfb6c3871314fa0e55405bb1a1d41d3943ac96ba9f19006c854b | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...95.exe

windows7-x64

JaffaCakes...95.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_5f3b2bc4fdbd5416aa1329c364316995
Size

704KB
Sample

250310-p3zg7svzat
MD5

5f3b2bc4fdbd5416aa1329c364316995
SHA1

d798f10b6ea6b36924e46eebacfb6a8468b55ec6
SHA256

df1bf8af7030dfb6c3871314fa0e55405bb1a1d41d3943ac96ba9f19006c854b
SHA512

d9057c6e2f9224289a44ba30dcd5cc82226f5dfbe1c5a1598a9489298b4eedd844e70a6c6090ca86a9a247e072028b17b2627fea27dc8e0c6ef8d8e8d432ec59
SSDEEP

12288:CN5VwkA3RvcGo6k5u3kFpm61J+Zg1DztDnaHZE3h4nLlg7j8Cqd3/O+fvcUcnAsT:C/OalhJRaHZu4n2j0jvuG

Score

10^/10

blackshades defense_evasion discovery rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_5f3b2bc4fdbd5416aa1329c364316995.exe

Resource

win7-20240903-en

blackshades defense_evasion discovery rat

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_5f3b2bc4fdbd5416aa1329c364316995.exe

Resource

win10v2004-20250217-en

blackshades defense_evasion discovery rat

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_5f3b2bc4fdbd5416aa1329c364316995
- Size
  
  704KB
- MD5
  
  5f3b2bc4fdbd5416aa1329c364316995
- SHA1
  
  d798f10b6ea6b36924e46eebacfb6a8468b55ec6
- SHA256
  
  df1bf8af7030dfb6c3871314fa0e55405bb1a1d41d3943ac96ba9f19006c854b
- SHA512
  
  d9057c6e2f9224289a44ba30dcd5cc82226f5dfbe1c5a1598a9489298b4eedd844e70a6c6090ca86a9a247e072028b17b2627fea27dc8e0c6ef8d8e8d432ec59
- SSDEEP
  
  12288:CN5VwkA3RvcGo6k5u3kFpm61J+Zg1DztDnaHZE3h4nLlg7j8Cqd3/O+fvcUcnAsT:C/OalhJRaHZu4n2j0jvuG
Score

10^/10

blackshades defense_evasion discovery rat
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoveryrat

behavioral2

blackshadesdefense_evasiondiscoveryrat

© 2018-2025

Terms | Privacy