General

  • Target

    091c0c799f56a6420f2f532473bd49dc4fe6dedf11c7ecd416fb030649a68e6b.exe

  • Size

    2.0MB

  • Sample

    250121-mjr8nsypbs

  • MD5

    e75f8b8fc33f90b8c531e586929e1def

  • SHA1

    e367ea7e080f584f2c546231ab2f8028f72a2d8c

  • SHA256

    091c0c799f56a6420f2f532473bd49dc4fe6dedf11c7ecd416fb030649a68e6b

  • SHA512

    a5d898e298000027040420bc393595ab375fc2a0d2e44091188f268e86312f62aba1fdbb66dbdbb64918b111d04f5c2dde1ede6b07da77ce1f6b433a2d481aca

  • SSDEEP

    49152:fmTWr53HxurntpSJU2mN2xl42d91cKSd5W6l/p7AFWVBpG947fVr0YfwCCkB1mpN:fmTWr53HxurntpSJU2mN2xu2d91cKSd+

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
