General

  • Target

    9cbb1a19962dabb71bb9c064942e6f77bcc4e40ef4b038c35b738dee8fab6bfeN.exe

  • Size

    2.4MB

  • Sample

    250122-2nwtzszqdq

  • MD5

    19b08b862c9aeb253d3c8b3902ed3b60

  • SHA1

    fdda24cdf75155ac6d38599392c53818fbb162ba

  • SHA256

    9cbb1a19962dabb71bb9c064942e6f77bcc4e40ef4b038c35b738dee8fab6bfe

  • SHA512

    b7e31c5717a317d14ac7fd412f1c04cb2d12a8ea7cc88badb01d12afd5b552ec61678381f8c5d28afa8c3c9db482cb987ff15e635ab5c36526554584d5d2d3c9

  • SSDEEP

    49152:5Ko2gzhGqxIaWeSkKkAQOQ1y7GklXRYxxTttMs+xyPFRwGJnunLp9u0XsA5cl+6b:I+zhGqx3WeSkKkAQOQ1y7PlXRYxxTttp

Targets

    • Target

      9cbb1a19962dabb71bb9c064942e6f77bcc4e40ef4b038c35b738dee8fab6bfeN.exe

    • Blackshades

      Blackshades (BlackShades NET) is a commodity Windows remote access trojan that was sold openly until the 2014 law-enforcement takedown; builds typically offer keylogging, remote desktop and webcam capture, file management and DDoS.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the payload runs only in (or refuses to run in) certain countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      Rewriting a thread's context is the step in process hollowing (RunPE) that points a suspended process at injected code.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
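The location check, Run-key persistence and firewall-policy signatures above are only names in the report. The script below, an added example and not the sandbox's own rule logic, shows what each of them corresponds to in registry terms by running three rules over constructed sandbox-style events. The event tuple format, the regexes and the sample event data are assumptions made here; the Nation value 244 is the Windows GEOID for the United States.

```python
"""Map sandbox-style registry events onto the behavioural signatures in this
report. Added example; the event format and key patterns are assumptions,
not the sandbox's own rule definitions."""
import re

# Constructed events in the shape (operation, key, value name, data).
# The Nation value 244 is the Windows GEOID for the United States.
SAMPLE_EVENTS = [
    ("RegQueryValue", r"HKCU\Control Panel\International\Geo", "Nation", "244"),
    ("RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "WinUpdate", r"C:\Users\Public\svchost.exe"),
    ("RegSetValue", r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
     r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List",
     r"C:\Users\Public\svchost.exe", r"C:\Users\Public\svchost.exe:*:Enabled:svchost"),
    # Unrelated write, included to show that the rules do not over-match.
    ("RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "Hidden", "2"),
]

# (signature name from the report, registry operation, key regex); assumed mappings.
RULES = [
    ("Checks computer location settings", "RegQueryValue",
     re.compile(r"\\Control Panel\\International\\Geo$", re.I)),
    ("Adds Run key to start application", "RegSetValue",
     re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)),
    ("Modifies firewall policy service", "RegSetValue",
     re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)),
]


def match_signatures(events):
    """Return {signature: [(key, value_name, data), ...]} for every rule that fires."""
    hits = {}
    for op, key, name, data in events:
        for sig, want_op, pattern in RULES:
            if op == want_op and pattern.search(key):
                hits.setdefault(sig, []).append((key, name, data))
    return hits


def persistence_targets(events):
    """Executable paths registered for autostart through Run/RunOnce values."""
    hits = match_signatures(events).get("Adds Run key to start application", [])
    return [data for _, _, data in hits]


if __name__ == "__main__":
    for sig, entries in match_signatures(SAMPLE_EVENTS).items():
        print(sig)
        for key, name, data in entries:
            print("   ", key, name, data)
    print("autostart:", persistence_targets(SAMPLE_EVENTS))
```

The firewall rule matches any write under the FirewallPolicy subtree rather than one profile, because the RAT-era convention of adding itself to AuthorizedApplications\List is only one of several ways to punch a hole; tune the pattern to what your sandbox actually logs.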

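The hash list in the General section and the UPX signature both lend themselves to a quick offline check. The script below is an added example, not part of the sandbox report: it computes the same MD5/SHA-1/SHA-256/SHA-512 digests and compares them to the values copied from the report, and it walks the PE section table looking for the UPX0/UPX1 names that stock UPX leaves behind. ssdeep is omitted because the standard library cannot compute it. The `build_fake_pe` helper constructs a minimal PE header purely as sample input; it is not a runnable binary.

```python
"""Static triage: verify a file against the hashes listed in this report and
check the PE section table for UPX section names. Added example; not part of
the sandbox report. ssdeep is left out because the standard library cannot
compute it."""
import hashlib
import struct
import sys

# Values copied from the report's General section.
REPORT_HASHES = {
    "md5": "19b08b862c9aeb253d3c8b3902ed3b60",
    "sha1": "fdda24cdf75155ac6d38599392c53818fbb162ba",
    "sha256": "9cbb1a19962dabb71bb9c064942e6f77bcc4e40ef4b038c35b738dee8fab6bfe",
    "sha512": "b7e31c5717a317d14ac7fd412f1c04cb2d12a8ea7cc88badb01d12afd5b552ec"
              "61678381f8c5d28afa8c3c9db482cb987ff15e635ab5c36526554584d5d2d3c9",
}


def hash_bytes(data):
    """Digests of the buffer under the four algorithms the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data):
    """{algo: True/False} for each hash the report lists."""
    computed = hash_bytes(data)
    return {algo: computed[algo] == expected for algo, expected in REPORT_HASHES.items()}


def pe_section_names(data):
    """Section names from the PE section table; [] if the buffer is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size              # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + i * 40                  # each section header is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Stock UPX names its sections UPX0/UPX1 and leaves a 'UPX!' marker;
    modified builds may rename both, so a negative here is not conclusive."""
    if any(name.startswith("UPX") for name in pe_section_names(data)):
        return True
    return b"UPX!" in data


def build_fake_pe(section_names):
    """Constructed minimal PE32 header (not a runnable binary) used as sample input."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                           # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = b"\0" * opt_size
    sections = b"".join(name.encode().ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read()
    print(matches_report(blob))
    print(pe_section_names(blob), looks_upx_packed(blob))
```

Run it as `python triage.py <file>`; all four hash comparisons coming back True means you hold the exact sample this report describes, while a mismatch on every algorithm usually means a different build or a wrapper around it, which is where the ssdeep value in the report becomes useful.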