Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

0679305060.exe

windows7-x64

10

0679305060.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_6a2303fdec64bda45101d8a1ea481689

  • Size

    594KB

  • Sample

    250312-k4tk5avj14

  • MD5

    6a2303fdec64bda45101d8a1ea481689

  • SHA1

    28ee0097171a15f48d5aaa7e165892c753d3e842

  • SHA256

    096a5fbe0149c97fa7abce72f15405be6468e1236ca3773c338cbe28b2b5d7ff

  • SHA512

    dca9a750c97c9625058ae305edf99d4481c75f5366fa7b1525b13ea2e50d31015d95483e8839c02beacd95b4ba99441a2e24ca2b317d4c0339fa7c0d9e707eac

  • SSDEEP

    12288:APrYKzVfbg+D7yGMs/DeP0UG+HG4d4hoRgSbPsksSa863k:AzYKzVfc+CJWUI/4d4S+STsbdr3k

Score
10/10
blackshadesdefense_evasiondiscoverypersistencerat

Malware Config

Targets

    • Target

      0679305060.exe

    • Size

      686KB

    • MD5

      112acfeea6e551a1b985c3a729fe2bf3

    • SHA1

      4f21582bcf25885bf89a16fe050600c800fde854

    • SHA256

      d135e3ab8847582fb29aef7eefa69f9da18ac5751505d66183743f746bf17d08

    • SHA512

      d8ccba361f9513d8709c3b7f92da3e9fc8d98a4cfc4cc0ea3a13b8c035e98a76494257eb2abf2d80b2789ec5606992a17bf3e6db8ad057d42132404b903e46e6

    • SSDEEP

      12288:35lAFyf4N5VX6MH6mpIsEzQbccU/9+ILLp29F:334F6MtpEUbcj/9+Ip

    Score
    10/10
    blackshadesdefense_evasiondiscoverypersistencerat

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

      ratblackshades

    • Blackshades family

      blackshades

    • Blackshades payload

    • Modifies firewall policy service

      defense_evasion

    • Adds policy Run key to start application

      persistence

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks