General

  • Target

    75c4df253cbcef33cc716cc0eb5421b15591a83ac1a612ae460efca3a383e466N.exe

  • Size

    676KB

  • Sample

    250122-qtj7lazjgp

  • MD5

    8e8a96156ef85d64e4be0e4d9e8794c0

  • SHA1

    b948ffbe98a8938352951eb8b699f23cec7b1161

  • SHA256

    75c4df253cbcef33cc716cc0eb5421b15591a83ac1a612ae460efca3a383e466

  • SHA512

    e28e17ec554a5c25059ad046da17656577252662ba7e54dbf6bd1f109d5ecb7cef1f9168b1a502ad59f07fe1330b1ee7db5006bf6e1e973d1593c13571e4c29b

  • SSDEEP

    12288:XmdQyIkTvh1zp9LLyMMqoatfKLtMk+KEwtMq9uyn5iJDFLaj+U:XmdQyIkTvh1rSVbatfCMrDy

Malware Config

Targets

    • Target

      75c4df253cbcef33cc716cc0eb5421b15591a83ac1a612ae460efca3a383e466N.exe

    • Size

      676KB

    • MD5

      8e8a96156ef85d64e4be0e4d9e8794c0

    • SHA1

      b948ffbe98a8938352951eb8b699f23cec7b1161

    • SHA256

      75c4df253cbcef33cc716cc0eb5421b15591a83ac1a612ae460efca3a383e466

    • SHA512

      e28e17ec554a5c25059ad046da17656577252662ba7e54dbf6bd1f109d5ecb7cef1f9168b1a502ad59f07fe1330b1ee7db5006bf6e1e973d1593c13571e4c29b

    • SSDEEP

      12288:XmdQyIkTvh1zp9LLyMMqoatfKLtMk+KEwtMq9uyn5iJDFLaj+U:XmdQyIkTvh1rSVbatfCMrDy

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks