General

  • Target

    ef74e090307da8648b42041ab3526e30e5bd78f8a3e66ea8b29e619f8c4673dcN.exe

  • Size

    1.9MB

  • Sample

    250121-b7kyqazne1

  • MD5

    4066b17c1ca7e21e49c5dc1a94417e50

  • SHA1

    09820db014bee1ef4a5e5fd8460a1b75b855ccbb

  • SHA256

    ef74e090307da8648b42041ab3526e30e5bd78f8a3e66ea8b29e619f8c4673dc

  • SHA512

    ab209c6966fd26f1256e17f43408eb5d7b1545f3cfe96c8a799cb9819656c026bdda91fc50eb38daa686470828ed38948327b3ee3e6eb733f26b0f4222123d2a

  • SSDEEP

    49152:CLIUXQgBiI6i2KFU0yBfM7a9QDosGeo403e0CpcKYGIDlWIwRBOn5PvGYKMf/1Zj:SIUXQgBiI6i2KFU0yBfM7a9QDosGeo4G

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.
