blackshades

General

Target

JaffaCakes118_9910fa29b8f629fef294a96faacb9d3f
Size

1.6MB
Sample

250330-yncjkaxry6
MD5

9910fa29b8f629fef294a96faacb9d3f
SHA1

39fef68135b3e264bbf5e772f77f3d597f68a1b4
SHA256

9a9867db74c4f73b05f9846aa61d8216b50c280f71abc28bf05a7c4cf1df07ed
SHA512

5e9c48961ab2f04ad8e8707d2806673500b01a2b9f4388372116afbc0c3f4dddb51e0bc949fb473e8ae7aebd5514417a9c042c99c83c60fce1ad5d0080f17861
SSDEEP

49152:kt586pw9pIf4QzpbdmpXm3Qx2RzevU9NQ85T/:giSr1z3cWAx2RzKgm85/

Score

10^/10

Malware Config

Targets

- Target
  
  JaffaCakes118_9910fa29b8f629fef294a96faacb9d3f
- Size
  
  1.6MB
- MD5
  
  9910fa29b8f629fef294a96faacb9d3f
- SHA1
  
  39fef68135b3e264bbf5e772f77f3d597f68a1b4
- SHA256
  
  9a9867db74c4f73b05f9846aa61d8216b50c280f71abc28bf05a7c4cf1df07ed
- SHA512
  
  5e9c48961ab2f04ad8e8707d2806673500b01a2b9f4388372116afbc0c3f4dddb51e0bc949fb473e8ae7aebd5514417a9c042c99c83c60fce1ad5d0080f17861
- SSDEEP
  
  49152:kt586pw9pIf4QzpbdmpXm3Qx2RzevU9NQ85T/:giSr1z3cWAx2RzKgm85/
Score

10^/10

blackshades defense_evasion discovery persistence rat upx
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2