General
- Target: 75c4df253cbcef33cc716cc0eb5421b15591a83ac1a612ae460efca3a383e466N.exe
- Size: 676KB
- Sample: 250122-qtj7lazjgp
- MD5: 8e8a96156ef85d64e4be0e4d9e8794c0
- SHA1: b948ffbe98a8938352951eb8b699f23cec7b1161
- SHA256: 75c4df253cbcef33cc716cc0eb5421b15591a83ac1a612ae460efca3a383e466
- SHA512: e28e17ec554a5c25059ad046da17656577252662ba7e54dbf6bd1f109d5ecb7cef1f9168b1a502ad59f07fe1330b1ee7db5006bf6e1e973d1593c13571e4c29b
- SSDEEP: 12288:XmdQyIkTvh1zp9LLyMMqoatfKLtMk+KEwtMq9uyn5iJDFLaj+U:XmdQyIkTvh1rSVbatfCMrDy
Static task: static1

Behavioral task: behavioral1
- Sample: 75c4df253cbcef33cc716cc0eb5421b15591a83ac1a612ae460efca3a383e466N.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: 75c4df253cbcef33cc716cc0eb5421b15591a83ac1a612ae460efca3a383e466N.exe
- Resource: win10v2004-20241007-en
Malware Config

Targets
- Target: 75c4df253cbcef33cc716cc0eb5421b15591a83ac1a612ae460efca3a383e466N.exe
- Size: 676KB
- MD5: 8e8a96156ef85d64e4be0e4d9e8794c0
- SHA1: b948ffbe98a8938352951eb8b699f23cec7b1161
- SHA256: 75c4df253cbcef33cc716cc0eb5421b15591a83ac1a612ae460efca3a383e466
- SHA512: e28e17ec554a5c25059ad046da17656577252662ba7e54dbf6bd1f109d5ecb7cef1f9168b1a502ad59f07fe1330b1ee7db5006bf6e1e973d1593c13571e4c29b
- SSDEEP: 12288:XmdQyIkTvh1zp9LLyMMqoatfKLtMk+KEwtMq9uyn5iJDFLaj+U:XmdQyIkTvh1rSVbatfCMrDy
Signatures
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
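The Active Setup and firewall-policy signatures above are the kind of findings an analyst verifies against a registry dump from the infected host. The script below is an added example, not part of the sandbox report and not code from the sample: it parses a `reg export` text file and reports (a) Active Setup components under HKLM that will run at the next interactive logon for the user, i.e. those with a StubPath, IsInstalled not 0, and either no HKCU copy or an HKCU Version lower than the HKLM one, and (b) profiles under the SharedAccess FirewallPolicy service key whose EnableFirewall value is 0, which is the registry location typically behind the "Modifies firewall policy service" and "Disable or Modify System Firewall" entries. The embedded registry export is constructed for the demo; the key paths are the documented Windows locations, while the {1B2C3D4E-...} component and its StubPath are hypothetical.

```python
"""Triage helper: flag Active Setup persistence and disabled firewall
profiles in a Windows registry export (.reg text).

Added example, not part of the sandbox report. SAMPLE_REG is constructed
for the demo: the key paths are the documented Windows locations, the
{1B2C3D4E-...} component and its StubPath are hypothetical.
"""
import re

ACTIVE_SETUP_HKLM = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"
ACTIVE_SETUP_HKCU = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components"
FIREWALL_POLICY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"

# Constructed registry export in the format written by `reg export`.
# The first component mirrors the shape of a stock Internet Explorer entry
# (already applied for this user); the second is a hypothetical implant.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"StubPath"="C:\\Windows\\System32\\ie4uinit.exe -UserConfig"
"Version"="11,0,0,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B2C3D4E-0000-4000-8000-000000000001}]
"StubPath"="C:\\Users\\Public\\update.exe"
"Version"="1,0,0,0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"Version"="11,0,0,0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=dword:00000001
"""


def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: value}}.
    Handles REG_SZ ("...") and REG_DWORD (dword:hex) values; anything else
    is kept as its raw string."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if not m:
                continue
            name, raw = m.groups()
            if raw.startswith("dword:"):
                keys[current][name] = int(raw[6:], 16)
            elif raw.startswith('"') and raw.endswith('"'):
                # reg export doubles backslashes and escapes quotes in strings
                keys[current][name] = raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            else:
                keys[current][name] = raw
    return keys


def parse_version(v):
    """Active Setup versions are comma-separated integers, e.g. "11,0,0,0".
    A missing or malformed value compares lower than any real version."""
    try:
        return tuple(int(p) for p in v.split(","))
    except (AttributeError, ValueError):
        return (0,)


def pending_active_setup(keys):
    """Return (guid, stub_path) for every HKLM Active Setup component whose
    StubPath will execute at the next logon: it has a StubPath, is not
    marked IsInstalled=0, and the user either has no HKCU copy or a lower
    Version than the machine-wide entry."""
    findings = []
    for key, values in keys.items():
        if not key.startswith(ACTIVE_SETUP_HKLM + "\\"):
            continue
        guid = key[len(ACTIVE_SETUP_HKLM) + 1:]
        stub = values.get("StubPath")
        if not stub or values.get("IsInstalled") == 0:
            continue
        user = keys.get(ACTIVE_SETUP_HKCU + "\\" + guid)
        hklm_ver = parse_version(values.get("Version"))
        if user is None or parse_version(user.get("Version")) < hklm_ver:
            findings.append((guid, stub))
    return findings


def disabled_firewall_profiles(keys):
    """Return the names of FirewallPolicy profiles with EnableFirewall=0."""
    return [key.rsplit("\\", 1)[1]
            for key, values in keys.items()
            if key.startswith(FIREWALL_POLICY + "\\") and values.get("EnableFirewall") == 0]


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for guid, stub in pending_active_setup(parsed):
        print(f"Active Setup pending for this user: {guid} -> {stub}")
    for profile in disabled_firewall_profiles(parsed):
        print(f"Firewall disabled: {profile}")
```

On a live host, feed it the output of `reg export` for the three keys above (the HKCU export must be taken under the logged-on user, since Active Setup tracks completion per user). A stub path outside the Windows or Program Files directories, as in the hypothetical entry, is the usual tell for an adversary-added component.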
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)

Persistence
- Boot or Logon Autostart Execution (1): Active Setup (1)
- Create or Modify System Process (1): Windows Service (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1): Active Setup (1)
- Create or Modify System Process (1): Windows Service (1)

Defense Evasion
- Impair Defenses (1): Disable or Modify System Firewall (1)
- Modify Registry (3)