blackshades | 18d948ab2ce3e9c9fc68d0fde58adeea76f354ec9a1aa038811e5acccf802d5d | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...0c.exe

windows7-x64

JaffaCakes...0c.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_95d1c10659e169bf73da92e4ee39060c
Size

876KB
Sample

250329-yhw11sv1cw
MD5

95d1c10659e169bf73da92e4ee39060c
SHA1

9c19015abb21ec2ad033624267ea6d476fed3899
SHA256

18d948ab2ce3e9c9fc68d0fde58adeea76f354ec9a1aa038811e5acccf802d5d
SHA512

74c12459d337a81c40f6b7f009a0deb63aa8546ddc79b6e9f955f4865ca4166607b5f2156b57795bdbe82e0d974fbfa587e3917b4f9fc4637ae45f91464d6b0f
SSDEEP

12288:hsPPfxSfzaIsqF5P6gjS22okDRRi8/SokLgYN6/TwkB9aVp+pkWCSLDOTOJMd:u/xSbaSF5oourScYN6/Ue9aV/S/OTYM

Score

10^/10

blackshades defense_evasion discovery rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_95d1c10659e169bf73da92e4ee39060c.exe

Resource

win7-20240903-en

blackshades defense_evasion discovery rat

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_95d1c10659e169bf73da92e4ee39060c.exe

Resource

win10v2004-20250314-en

blackshades defense_evasion discovery rat

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_95d1c10659e169bf73da92e4ee39060c
- Size
  
  876KB
- MD5
  
  95d1c10659e169bf73da92e4ee39060c
- SHA1
  
  9c19015abb21ec2ad033624267ea6d476fed3899
- SHA256
  
  18d948ab2ce3e9c9fc68d0fde58adeea76f354ec9a1aa038811e5acccf802d5d
- SHA512
  
  74c12459d337a81c40f6b7f009a0deb63aa8546ddc79b6e9f955f4865ca4166607b5f2156b57795bdbe82e0d974fbfa587e3917b4f9fc4637ae45f91464d6b0f
- SSDEEP
  
  12288:hsPPfxSfzaIsqF5P6gjS22okDRRi8/SokLgYN6/TwkB9aVp+pkWCSLDOTOJMd:u/xSbaSF5oourScYN6/Ue9aV/S/OTYM
Score

10^/10

blackshades defense_evasion discovery rat
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoveryrat

behavioral2

blackshadesdefense_evasiondiscoveryrat

© 2018-2025

Terms | Privacy