General

  • Target

    d6fad2a3b511df4bdef8ab19ba87502c62d677db94a0748a5d1ba7d835240ea6.exe

  • Size

    1.9MB

  • Sample

    250121-kvgvzavqdx

  • MD5

    c7b5535458cb73c952b6a06f6710c594

  • SHA1

    03cb32baf602e333743ddfcdebc3b369d52e8dc7

  • SHA256

    d6fad2a3b511df4bdef8ab19ba87502c62d677db94a0748a5d1ba7d835240ea6

  • SHA512

    0958377942a67f266b4074690e5b4ab10967196202bce54e0b7222b4369d05c8e7366f1b75075181b9dd1a9a3ac9b0efcf007bb0ae686bcc1a1f645f8ba28a9f

  • SSDEEP

    49152:CLIUXQgBiI6i2KFU0yBfM7a9QDosGeo403e0CpcKYGIDlWIwRBOn5PvGYKMf/1ZL:SIUXQgBiI6i2KFU0yBfM7a9QDosGeo42

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks