blackshades | 8f0255e6df53ddc284fd9e60df90122b0ccd286ff9ec29372456bfaaf83a7d9d | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...b4.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_a2c978b937694a8005d49ec321044cb4
Size

547KB
Sample

250409-crqdyaxjv4
MD5

a2c978b937694a8005d49ec321044cb4
SHA1

250b5c895ab1cf35dac32b0f6cd84fdd5ffabcab
SHA256

8f0255e6df53ddc284fd9e60df90122b0ccd286ff9ec29372456bfaaf83a7d9d
SHA512

d94ffdca354c5c95a72c7a678805c9d03e82b514aa3199a77bed6825ea6e41d776b5c6af90b2c606951d5184d0c8f2e9aace547e4bc271aa804739c26e390211
SSDEEP

12288:XXRbyFko21Hx7CK/339OidNHkwp84ioqL+JzDFKgnp:hyFGT7Jywp8voqL+ZDFxnp

Score

10^/10

blackshades defense_evasion discovery persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_a2c978b937694a8005d49ec321044cb4.exe

Resource

win10v2004-20250314-en

blackshades defense_evasion discovery persistence rat trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_a2c978b937694a8005d49ec321044cb4
- Size
  
  547KB
- MD5
  
  a2c978b937694a8005d49ec321044cb4
- SHA1
  
  250b5c895ab1cf35dac32b0f6cd84fdd5ffabcab
- SHA256
  
  8f0255e6df53ddc284fd9e60df90122b0ccd286ff9ec29372456bfaaf83a7d9d
- SHA512
  
  d94ffdca354c5c95a72c7a678805c9d03e82b514aa3199a77bed6825ea6e41d776b5c6af90b2c606951d5184d0c8f2e9aace547e4bc271aa804739c26e390211
- SSDEEP
  
  12288:XXRbyFko21Hx7CK/339OidNHkwp84ioqL+JzDFKgnp:hyFGT7Jywp8voqL+ZDFxnp
Score

10^/10

blackshades defense_evasion discovery persistence rat trojan upx
- Blackshades
  Blackshades is a remote access trojan with various capabilities.
  rat blackshades
- Blackshades family
  blackshades
- Blackshades payload
- Modifies firewall policy service
  defense_evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackshadesdefense_evasiondiscoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy