blackshades | ad9d4850d66a6daacd49b1db769b214767a3d6672b1ab8da23c1fd8c49e82f62 | Triage

Submit
Reports

Overview

overview

Static

static

3

ad9d4850d6...62.exe

windows10-2004-x64

Sharing

General

Target

ad9d4850d66a6daacd49b1db769b214767a3d6672b1ab8da23c1fd8c49e82f62
Size

520KB
Sample

250401-hjy9rsvyas
MD5

f22e4c8ddaf28f4dff8a71497169e78f
SHA1

1370d731ef1a4b01edf47dbc72cfd6abb9b76d6f
SHA256

ad9d4850d66a6daacd49b1db769b214767a3d6672b1ab8da23c1fd8c49e82f62
SHA512

3f2153c6cbf463086af6bd4338fc3998ded0d0aa09b37bb37229992ec358fbbfcbda4f77c5088436ffd387862d56c8d592e1c9d2fa3b62810acedec439f0311d
SSDEEP

12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXx:zW6ncoyqOp6IsTl/mXx

Score

10^/10

blackshades defense_evasion discovery persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ad9d4850d66a6daacd49b1db769b214767a3d6672b1ab8da23c1fd8c49e82f62.exe

Resource

win10v2004-20250314-en

blackshades defense_evasion discovery persistence rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  ad9d4850d66a6daacd49b1db769b214767a3d6672b1ab8da23c1fd8c49e82f62
- Size
  
  520KB
- MD5
  
  f22e4c8ddaf28f4dff8a71497169e78f
- SHA1
  
  1370d731ef1a4b01edf47dbc72cfd6abb9b76d6f
- SHA256
  
  ad9d4850d66a6daacd49b1db769b214767a3d6672b1ab8da23c1fd8c49e82f62
- SHA512
  
  3f2153c6cbf463086af6bd4338fc3998ded0d0aa09b37bb37229992ec358fbbfcbda4f77c5088436ffd387862d56c8d592e1c9d2fa3b62810acedec439f0311d
- SSDEEP
  
  12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXx:zW6ncoyqOp6IsTl/mXx
Score

10^/10

blackshades defense_evasion discovery persistence rat
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoverypersistencerat

© 2018-2025

Terms | Privacy