General

  • Target

    bc3548648782ebcc89f48f57cdfabedaa5d565ecb592dd3a19b6f516548ee191.exe

  • Size

    285KB

  • Sample

    250122-1cewnaxmbp

  • MD5

    6e76445dc906b1723ee37404a9737ba7

  • SHA1

    bc8adc8759c61364305c168acf40fb2c1ee65bf4

  • SHA256

    bc3548648782ebcc89f48f57cdfabedaa5d565ecb592dd3a19b6f516548ee191

  • SHA512

    d02ac4eb9ed293a7b052858f11baa928ff17e4b59b466b08ef5c2bf0afafe932fd6d258b1f718e27dbcf901172429b55890abf1c3da2d4abf6eaf853ec7e2d73

  • SSDEEP

    6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHLS:NBaBnmtOwq/+1MkU68raJRHua8G9LcoY

Malware Config

Targets

    • Target

      bc3548648782ebcc89f48f57cdfabedaa5d565ecb592dd3a19b6f516548ee191.exe

    • Size

      285KB

    • MD5

      6e76445dc906b1723ee37404a9737ba7

    • SHA1

      bc8adc8759c61364305c168acf40fb2c1ee65bf4

    • SHA256

      bc3548648782ebcc89f48f57cdfabedaa5d565ecb592dd3a19b6f516548ee191

    • SHA512

      d02ac4eb9ed293a7b052858f11baa928ff17e4b59b466b08ef5c2bf0afafe932fd6d258b1f718e27dbcf901172429b55890abf1c3da2d4abf6eaf853ec7e2d73

    • SSDEEP

      6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHLS:NBaBnmtOwq/+1MkU68raJRHua8G9LcoY

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to (or away from) particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build (section names or packer markers may be altered, so this is a heuristic).
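The two things an analyst usually does first with a report like this are to confirm a local copy really is the sample the report describes (the hashes listed under General) and to check the packing verdict (the UPX signature above) before unpacking. The following is an added example, not part of the sandbox report: it recomputes the four listed hashes over a file's bytes, compares them in constant time against the values copied from the page, and walks the PE section table by hand to look for UPX section names or the `UPX!` marker. The `build_fake_pe` helper is a constructed, non-loadable PE header used only so the block runs offline; the threshold of scanning the first 4 KiB for the marker is an assumption, and a renamed section table will defeat the name check, so treat the result as a heuristic.

```python
import hashlib
import hmac
import struct

# Hashes copied from the General section of the report above.
REPORT_HASHES = {
    "md5": "6e76445dc906b1723ee37404a9737ba7",
    "sha1": "bc8adc8759c61364305c168acf40fb2c1ee65bf4",
    "sha256": "bc3548648782ebcc89f48f57cdfabedaa5d565ecb592dd3a19b6f516548ee191",
    "sha512": "d02ac4eb9ed293a7b052858f11baa928ff17e4b59b466b08ef5c2bf0afafe932"
              "fd6d258b1f718e27dbcf901172429b55890abf1c3da2d4abf6eaf853ec7e2d73",
}

# Section names that stock UPX writes; a modified build may rename them (assumption: heuristic only).
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
MARKER_SCAN_BYTES = 0x1000  # assumption: how far into the file to look for the b"UPX!" marker


def hash_bytes(data: bytes) -> dict:
    """Return hex digests for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every listed digest matches; constant-time compare per digest."""
    actual = hash_bytes(data)
    return all(hmac.compare_digest(actual[name], value) for name, value in expected.items())


def pe_section_names(data: bytes) -> list:
    """Parse the DOS/COFF headers and return the section names in table order."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                              # IMAGE_FILE_HEADER starts after "PE\0\0"
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                     # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]  # IMAGE_SECTION_HEADER.Name is 8 bytes
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic: UPX section names, or the UPX! marker near the headers."""
    try:
        names = pe_section_names(data)
    except ValueError:
        return False
    if any(name in UPX_SECTION_NAMES for name in names):
        return True
    return b"UPX!" in data[:MARKER_SCAN_BYTES]


def build_fake_pe(section_names: list) -> bytes:
    """Constructed minimal PE32 header for testing only; it is not a loadable image."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\0" * 0x3A) + struct.pack("<I", e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    opt_size = 224                                   # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + sections


def triage_file(path: str) -> dict:
    """Run both checks on a file on disk (the real sample is not included here)."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"hashes": hash_bytes(data),
            "matches_report": matches_report(data),
            "upx_packed": looks_upx_packed(data)}


if __name__ == "__main__":
    sample = build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print(pe_section_names(sample), looks_upx_packed(sample), matches_report(sample))
```

If `matches_report` is false for a file you believe is this sample, check the SHA256 first: a different value usually means a wrapper, a re-packed copy, or a download that was altered in transit, and none of the report's behaviour should be assumed to carry over.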

MITRE ATT&CK Enterprise v15

Tasks