General

  • Target

    900b37ee382fd656f8671eb7feae008e425be07d7f59b73b8f6715e71c9d1b84N.exe

  • Size

    1.8MB

  • Sample

    250122-tyv2fawldl

  • MD5

    dedd1b5e4e360ce2832cbf0608f33820

  • SHA1

    a45c7b30b9e9822c3107e2252b209feb316645c6

  • SHA256

    900b37ee382fd656f8671eb7feae008e425be07d7f59b73b8f6715e71c9d1b84

  • SHA512

    92b968798bb7b9ad53720dcf4dc9905e525e8c1f421cd8c4bddf672517403663be015a1b4293ac245dea343217d8f6a6d5aef38b03adcf44b8c9cf1b14b47673

  • SSDEEP

    49152:ALIUXQgBiI6i2KFU0yBfM7a9QDosGeo403e0CpcKYGIDlWIwRBOn5PvGYKMf/1ZS:cIUXQgBiI6i2KFU0yBfM7a9QDosGeo4B

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
