blackshades | 0e3b42ca05aa9fc68bd72a00bf54a9c58465723dd7a8bf72d853e8ce7a7fbfbd | Triage

Submit
Reports

Overview

overview

Static

static

3

0e3b42ca05...bd.exe

windows7-x64

0e3b42ca05...bd.exe

windows10-2004-x64

Sharing

General

Target

0e3b42ca05aa9fc68bd72a00bf54a9c58465723dd7a8bf72d853e8ce7a7fbfbd
Size

520KB
Sample

250310-yhzf5swygt
MD5

8dd7367d4f6217d792a9f5ad0fb3b64b
SHA1

2c18e3bce4620eabbf9f4f233c8fc0f16863e5f0
SHA256

0e3b42ca05aa9fc68bd72a00bf54a9c58465723dd7a8bf72d853e8ce7a7fbfbd
SHA512

1ef67766e26d8ac0ca693e09ccb8ccc021f0f1b6934f13f875e9c7e73e7f7b6f898b99b62edd54272c42070af63565685997a03c6f738d7968e121b626906712
SSDEEP

12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXp:zW6ncoyqOp6IsTl/mXp

Score

10^/10

blackshades defense_evasion discovery persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0e3b42ca05aa9fc68bd72a00bf54a9c58465723dd7a8bf72d853e8ce7a7fbfbd.exe

Resource

win7-20240903-en

blackshades defense_evasion discovery persistence rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

0e3b42ca05aa9fc68bd72a00bf54a9c58465723dd7a8bf72d853e8ce7a7fbfbd.exe

Resource

win10v2004-20250217-en

blackshades defense_evasion discovery persistence rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  0e3b42ca05aa9fc68bd72a00bf54a9c58465723dd7a8bf72d853e8ce7a7fbfbd
- Size
  
  520KB
- MD5
  
  8dd7367d4f6217d792a9f5ad0fb3b64b
- SHA1
  
  2c18e3bce4620eabbf9f4f233c8fc0f16863e5f0
- SHA256
  
  0e3b42ca05aa9fc68bd72a00bf54a9c58465723dd7a8bf72d853e8ce7a7fbfbd
- SHA512
  
  1ef67766e26d8ac0ca693e09ccb8ccc021f0f1b6934f13f875e9c7e73e7f7b6f898b99b62edd54272c42070af63565685997a03c6f738d7968e121b626906712
- SSDEEP
  
  12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXp:zW6ncoyqOp6IsTl/mXp
Score

10^/10

blackshades defense_evasion discovery persistence rat
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoverypersistencerat

behavioral2

blackshadesdefense_evasiondiscoverypersistencerat

© 2018-2025

Terms | Privacy