Analysis
max time kernel: 4294225s
max time network: 145s
platform: windows7_x64
resource: win7-20220311-en
submitted: 15-03-2022 17:51
Static task: static1
Behavioral task: behavioral1
  Sample: b61.exe
  Resource: win7-20220311-en (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: b61.exe
  Resource: win10v2004-en-20220113 (windows10-2004_x64)
  0 signatures, 0 seconds
General
Target: b61.exe
Size: 236KB
MD5: c3494cc8b3aac24903c0ddf8095d919a
SHA1: 1cd912956beb9c0419fe89c1d555e0480d9d182d
SHA256: b6137dce9ddca24ba720d65ffb2fadac112e268e3be6e82fdd30c778f34249c0
SHA512: f0c96bf71c42875a8708374faec409defdd353c36d554a91197f9ef94d54ac9920dc0b2a55ebc7c4f11ce2af8169467b148b586e0614d42dea8e3f0cad9e250e
Score: 10/10
Malware Config
Signatures
suricata: ET MALWARE BlackshadesRAT Reporting
suricata: ET MALWARE BlackshadesRAT Reporting
Adds policy Run key to start application (2 TTPs, 4 IoCs)
Processes:
description     | ioc | process
Key created     | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run | b61.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe" | b61.exe
Key created     | \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run | b61.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe" | b61.exe
Adds Run key to start application (2 TTPs, 4 IoCs)
Processes:
description     | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000\Software\Microsoft\Windows\CurrentVersion\Run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe" | b61.exe
Key created     | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run | b61.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe" | b61.exe
Key created     | \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000\Software\Microsoft\Windows\CurrentVersion\Run | b61.exe
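The two persistence signatures above show one value name (VLXHCMT5KJ) written to four autostart locations: the Run key and the less-watched Policies\Explorer\Run key, each under both HKLM and the user's hive, with the HKLM Run write landing under Wow6432Node because the writer runs under WOW64 registry redirection. The following is an added example, not part of the sandbox report or of any sandbox's code, showing detection logic for exactly these writes: it normalizes the NT-style paths the report uses (hive prefix, Wow6432Node), matches the autostart key family, and scores a value write by whether its target sits in a user-writable directory, whether the value name looks machine-generated, and whether the policy key was used. The RegEvent shape, the scoring heuristics and the final "VendorUpdater" control row are assumptions for the example; the eight other events are the report's own IoCs.

```python
"""Flag autostart persistence (Run / RunOnce / Policies\\Explorer\\Run) in
registry-set events of the kind the sandbox report lists above."""
import re
from typing import NamedTuple, Optional


class RegEvent(NamedTuple):
    op: str               # "Key created" or "Set value (str)", as in the report
    path: str             # NT-style path, e.g. \REGISTRY\MACHINE\SOFTWARE\...\Run\Name
    data: Optional[str]   # value data for Set value events, None for key creation
    process: str          # image name of the writing process


# Hive prefixes as the sandbox logs them. The SID pattern covers the per-user
# hive under \REGISTRY\USER (the HKCU of the logged-on user).
_SID = r"S-1-5-21-\d+-\d+-\d+-\d+"
_HIVES = [
    (re.compile(r"^\\REGISTRY\\MACHINE\\", re.I), "HKLM"),
    (re.compile(rf"^\\REGISTRY\\USER\\{_SID}\\", re.I), "HKU"),
]
# Autostart locations evaluated at logon. Policies\Explorer\Run is the
# group-policy twin of Run and is missed by checks that only look at Run.
_AUTOSTART = re.compile(
    r"^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\"
    r"(?P<key>Run|RunOnce|Policies\\Explorer\\Run)\\(?P<name>[^\\]+)$",
    re.I,
)
# Directories a standard user can write to; legitimate autostart entries
# rarely point here, and the sample's target (AppData\Roaming) does.
_USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\(Roaming|Local)\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\",
    re.I,
)
# Heuristic (assumption) for machine-generated value names such as VLXHCMT5KJ:
# 8+ upper-case alphanumerics containing at least one letter and one digit.
_RANDOM_NAME = re.compile(r"^(?=.*[A-Z])(?=.*\d)[A-Z0-9]{8,}$")


def normalize(path: str):
    """Split an NT registry path into (hive, subkey), dropping Wow6432Node so a
    32-bit writer's redirected HKLM\\SOFTWARE\\Wow6432Node\\...\\Run hits the
    same rule as the native key. Returns (None, path) for other hives."""
    for pat, hive in _HIVES:
        if pat.match(path):
            sub = pat.sub("", path, count=1)
            m = re.match(r"SOFTWARE\\Wow6432Node\\", sub, re.I)
            if m:
                sub = "SOFTWARE\\" + sub[m.end():]
            return hive, sub
    return None, path


def assess(ev: RegEvent):
    """Return a finding dict for a suspicious autostart value write, else None."""
    if not ev.op.lower().startswith("set value"):
        return None  # creating the key is not persistence; the value write is
    hive, sub = normalize(ev.path)
    if hive is None:
        return None
    m = _AUTOSTART.match(sub)
    if not m:
        return None
    key, name = m.group("key"), m.group("name")
    reasons = []
    if ev.data and _USER_WRITABLE.search(ev.data):
        reasons.append("target in user-writable directory")
    if _RANDOM_NAME.match(name):
        reasons.append("random-looking value name")
    if key.lower().startswith("policies"):
        reasons.append("policy Run key, rarely used by installers")
    if not reasons:
        return None
    return {"hive": hive, "key": key, "name": name, "target": ev.data,
            "process": ev.process, "reasons": reasons}


def scan(events):
    """Run assess() over a sequence of events and keep the findings."""
    return [f for f in (assess(e) for e in events) if f is not None]


# Constructed input: the eight registry IoCs from the report above, plus one
# made-up benign installer entry (VendorUpdater) to show the rules stay quiet on it.
_TARGET = r"C:\Users\Admin\AppData\Roaming\AG58FPQON.exe"
_SID_PATH = r"\REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000"
EVENTS = [
    RegEvent("Key created", r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run", None, "b61.exe"),
    RegEvent("Set value (str)", r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\VLXHCMT5KJ", _TARGET, "b61.exe"),
    RegEvent("Key created", _SID_PATH + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run", None, "b61.exe"),
    RegEvent("Set value (str)", _SID_PATH + r"\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\VLXHCMT5KJ", _TARGET, "b61.exe"),
    RegEvent("Set value (str)", _SID_PATH + r"\Software\Microsoft\Windows\CurrentVersion\Run\VLXHCMT5KJ", _TARGET, "b61.exe"),
    RegEvent("Key created", r"\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run", None, "b61.exe"),
    RegEvent("Set value (str)", r"\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\VLXHCMT5KJ", _TARGET, "b61.exe"),
    RegEvent("Key created", _SID_PATH + r"\Software\Microsoft\Windows\CurrentVersion\Run", None, "b61.exe"),
    RegEvent("Set value (str)", r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater", r"C:\Program Files\Vendor\updater.exe", "setup.exe"),
]

if __name__ == "__main__":
    for f in scan(EVENTS):
        print(f"{f['hive']}\\...\\{f['key']}\\{f['name']} -> {f['target']}  [{'; '.join(f['reasons'])}]")
```

Run against the report's events this yields four findings, one per "Set value" row, and none for the benign control; the "Key created" rows are deliberately ignored because an empty autostart key is not persistence. The Wow6432Node normalization matters in practice: a rule keyed on the literal HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run path would miss the 32-bit sample's write entirely.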
Script User-Agent (1 IoC)
Uses user-agent string associated with script host/environment.
description | flow | ioc
HTTP User-Agent header | 3 | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
Processes:
pid  | process
1956 | b61.exe
Suspicious behavior: RenamesItself (1 IoC)
Processes:
pid  | process
1956 | b61.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
Processes:
pid  | process
1956 | b61.exe
1956 | b61.exe
MITRE ATT&CK Enterprise v6
Downloads
memory/1956-54-0x0000000000400000-0x0000000000434000-memory.dmp (Filesize: 208KB)