General

  • Target

    882520390b40caba04a2b3c09dd371d8104fd5d36bba3ca3da080567147809adN.exe

  • Size

    1.2MB

  • Sample

    250122-tnhclavjcw

  • MD5

    cc166a940f24b25555745a995a9c7ef0

  • SHA1

    c6c5168984240b2f33c3b58d15c8f5d49b5af463

  • SHA256

    882520390b40caba04a2b3c09dd371d8104fd5d36bba3ca3da080567147809ad

  • SHA512

    925882d4c08ba88787a66a6fe2e5e8278f46ce1013e0dd1b36bf80b0e9a5bd19af425f50e876009fed83000f32b6ebd1792b45e7e38af1c659f9f7f4e00483b1

  • SSDEEP

    3072:gRRHyoBg8zJRAxuU+N6ET/d9ArfCS3VT62FQwiDefNbaSBVpMQRQ8imgCQIqi/cq:gRhoxrn/vmrqaTh2uMnuPea4g/Gcw

Malware Config

Targets

    • Target

      882520390b40caba04a2b3c09dd371d8104fd5d36bba3ca3da080567147809adN.exe

    • Size

      1.2MB

    • MD5

      cc166a940f24b25555745a995a9c7ef0

    • SHA1

      c6c5168984240b2f33c3b58d15c8f5d49b5af463

    • SHA256

      882520390b40caba04a2b3c09dd371d8104fd5d36bba3ca3da080567147809ad

    • SHA512

      925882d4c08ba88787a66a6fe2e5e8278f46ce1013e0dd1b36bf80b0e9a5bd19af425f50e876009fed83000f32b6ebd1792b45e7e38af1c659f9f7f4e00483b1

    • SSDEEP

      3072:gRRHyoBg8zJRAxuU+N6ET/d9ArfCS3VT62FQwiDefNbaSBVpMQRQ8imgCQIqi/cq:gRhoxrn/vmrqaTh2uMnuPea4g/Gcw

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks