General

  • Target

    dd51d2abcaa2a88ee923856db1b32618496fb77034ea97bbcd01d0ded5bec122N.exe

  • Size

    1.1MB

  • Sample

    250121-k5ajmswqep

  • MD5

    5d75c4f2071c76efa0661c7249ed1740

  • SHA1

    05d244c83b82d40c2ce7a07278028dc412def99a

  • SHA256

    dd51d2abcaa2a88ee923856db1b32618496fb77034ea97bbcd01d0ded5bec122

  • SHA512

    fee76e9ea9f5bfa58a429ce12b048c9d0e673a98f33e5cef505c2d0016a057f6f3602e296ca390887785dad2d430c6eee0c753d4148ab45fcff4d0d18af6770c

  • SSDEEP

    3072:jRRHyoBg8zJRAxuU+N6ET/d9ArfCS3VT62FQwiDefNbaSBVpMQRQ8imgCQIqi/cZ:jRhoxrn/vmrqaTh2uMnuPea4g/Gc
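The hashes above identify the sample, and the "UPX packed file" signature further down is a static check on the PE section table. The script below is an added example (not the sandbox's own code and not the analysed binary) that reproduces both checks offline: it builds a constructed, non-executable PE image with UPX-style section names, parses the section table, flags UPX by section name and by section entropy, and computes the same four hash algorithms the report lists so a file you actually hold can be compared against the report's SHA256. All function names, the fake image and the entropy threshold are assumptions made for this demonstration.

```python
import hashlib
import math
import struct

# SHA256 from the report's General section, used only as a comparison target.
REPORT_SHA256 = "dd51d2abcaa2a88ee923856db1b32618496fb77034ea97bbcd01d0ded5bec122"


def pseudo_random(n, seed=b"upx-demo"):
    """Deterministic high-entropy filler standing in for a compressed section (constructed)."""
    out, cur = bytearray(), seed
    while len(out) < n:
        cur = hashlib.sha256(cur).digest()
        out += cur
    return bytes(out[:n])


def build_fake_pe(sections):
    """Build a bare PE32 image (DOS header, COFF header, zeroed optional header,
    section table, raw section data). Not executable; for parser demonstration only."""
    nsec = len(sections)
    header_len = 64 + 4 + 20 + 224 + 40 * nsec
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header immediately after DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, nsec, 0, 0, 0, 224, 0x0102)
    table, blobs, raw_off = b"", b"", header_len
    for name, raw in sections:
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, 3 reloc/lineno fields, Characteristics
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"),
                             len(raw), 0x1000, len(raw), raw_off, 0, 0, 0, 0, 0x60000020)
        raw_off += len(raw)
        blobs += raw
    return bytes(dos) + b"PE\0\0" + coff + bytes(224) + table + blobs


def parse_sections(data):
    """Return [(name, raw_bytes)] from the PE section table; raises on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]        # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]   # COFF SizeOfOptionalHeader
    first = e_lfanew + 4 + 20 + opt_size
    out = []
    for i in range(nsec):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, first + 40 * i)
        name = name.split(b"\0", 1)[0].decode("ascii", "replace")
        out.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return out


def shannon_entropy(buf):
    if not buf:
        return 0.0
    n = len(buf)
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def section_names(data):
    return [name for name, _ in parse_sections(data)]


def looks_upx_packed(data):
    """Name-based check, as the signature describes. Evaded by renaming sections."""
    return any(n.upper().startswith("UPX") for n in section_names(data))


def high_entropy_sections(data, threshold=7.0):
    """Packer-agnostic companion: sections whose raw bytes look compressed or encrypted."""
    return [name for name, raw in parse_sections(data) if shannon_entropy(raw) >= threshold]


def file_hashes(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data, expected_sha256=REPORT_SHA256):
    return file_hashes(data)["sha256"].lower() == expected_sha256.lower()


# Constructed image mimicking UPX layout: UPX0 has no raw data, UPX1 holds the compressed payload.
SAMPLE = build_fake_pe([
    (b"UPX0", b""),
    (b"UPX1", pseudo_random(4096)),
    (b".rsrc", b"\0" * 512),
])

if __name__ == "__main__":
    print(section_names(SAMPLE), looks_upx_packed(SAMPLE), high_entropy_sections(SAMPLE))
    print(file_hashes(SAMPLE)["sha256"], matches_report(SAMPLE))
```

Run it as-is to see the checks fire on the constructed image; to verify a real file, pass `open(path, "rb").read()` to `matches_report` and `looks_upx_packed`. The entropy check matters because a renamed UPX build (or another packer) defeats the section-name rule while its compressed section still reads as near-random data.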

Targets

    • Blackshades

      Blackshades is a commodity remote access trojan (RAT); its known builds provide remote control of the host, keylogging, webcam capture and file transfer.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.
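The behavioural signatures in this list each reduce to a rule over the sandbox's event stream. The script below is an added example (not the sandbox's signature engine and not its export format) that replays those rules over a constructed event log: registry writes under the firewall policy key, a read of the registry geolocation value, a Run key write, a SetThreadContext call, and a process created from a path the sample wrote earlier. The "op|pid|target" line format, the exact registry paths in RULES and the signature-to-rule mapping are assumptions made for this demonstration.

```python
import re

# Constructed event log for the demonstration; paths are illustrative, not from the report.
SAMPLE_EVENTS = r"""
RegSetValue|1234|HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
RegQueryValue|1234|HKCU\Control Panel\International\Geo\Nation
FileWrite|1234|C:\Users\user\AppData\Roaming\svchost.exe
RegSetValue|1234|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
ProcessCreate|1234|C:\Users\user\AppData\Roaming\svchost.exe
ApiCall|1234|SetThreadContext
ProcessCreate|1234|C:\Windows\System32\notepad.exe
"""

# Signature name (as listed above) -> (event op, regex over the event target).
# The registry paths are assumed for this example.
RULES = {
    "Modifies firewall policy service": ("RegSetValue", r"\\SharedAccess\\Parameters\\FirewallPolicy\\"),
    "Checks computer location settings": ("RegQueryValue", r"\\International\\Geo\\Nation$"),
    "Adds Run key to start application": ("RegSetValue", r"\\CurrentVersion\\Run(Once)?\\"),
    "Suspicious use of SetThreadContext": ("ApiCall", r"^SetThreadContext$"),
}


def parse_events(text):
    """Parse 'op|pid|target' lines; the target may itself contain no '|'."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        op, pid, target = line.split("|", 2)
        events.append({"op": op, "pid": int(pid), "target": target})
    return events


def triage(text):
    """Return {signature: [matching targets]} for every signature that fired."""
    events = parse_events(text)
    hits = {}
    for ev in events:
        for sig, (op, pattern) in RULES.items():
            if ev["op"] == op and re.search(pattern, ev["target"], re.IGNORECASE):
                hits.setdefault(sig, []).append(ev["target"])
    # "Executes dropped EXE" is stateful: a process starts from a path the sample wrote earlier.
    written = set()
    for ev in events:
        if ev["op"] == "FileWrite":
            written.add(ev["target"].lower())
        elif ev["op"] == "ProcessCreate" and ev["target"].lower() in written:
            hits.setdefault("Executes dropped EXE", []).append(ev["target"])
    return hits


if __name__ == "__main__":
    for sig, targets in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: {targets}")
```

The notepad.exe launch at the end is there to show that the dropped-EXE rule keys on the write-then-execute relationship, not on process creation alone; a real triage would also attribute the FileWrite to the sample's own process tree via the pid field.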

MITRE ATT&CK Enterprise v15
