General

  • Target

    d8e865f0a10fee680215d33c195020a3a55d7e1b03dfdb21c9e93b8814ed05b8.exe

  • Size

    1.6MB

  • Sample

    250121-eavcnsvmby

  • MD5

    f0bcf2ef629a25ab03829a7477633854

  • SHA1

    0607c8f9e48e4498279afb9d34d2be8846d25975

  • SHA256

    d8e865f0a10fee680215d33c195020a3a55d7e1b03dfdb21c9e93b8814ed05b8

  • SHA512

    0c048e505648ba3b3daaec4fab3a1c91ba3af735d5a4013860cdd201c76f35cb60c506d7915fad5aee0a45b2ff318dc98e561e3bab170b5b2ac5c4639662bfa1

  • SSDEEP

    12288:WB5a3hizhz/o456rn9lkQ8rxQslgBKR1jl9RL9BVnDXLmoIY7Tm+jZFluq9wd4Ug:WkB4tpHlgGjlLHlFoq2d5g

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15
