General
-
Target
900b37ee382fd656f8671eb7feae008e425be07d7f59b73b8f6715e71c9d1b84N.exe
-
Size
1.8MB
-
Sample
250122-tyv2fawldl
-
MD5
dedd1b5e4e360ce2832cbf0608f33820
-
SHA1
a45c7b30b9e9822c3107e2252b209feb316645c6
-
SHA256
900b37ee382fd656f8671eb7feae008e425be07d7f59b73b8f6715e71c9d1b84
-
SHA512
92b968798bb7b9ad53720dcf4dc9905e525e8c1f421cd8c4bddf672517403663be015a1b4293ac245dea343217d8f6a6d5aef38b03adcf44b8c9cf1b14b47673
-
SSDEEP
49152:ALIUXQgBiI6i2KFU0yBfM7a9QDosGeo403e0CpcKYGIDlWIwRBOn5PvGYKMf/1ZS:cIUXQgBiI6i2KFU0yBfM7a9QDosGeo4B
Static task
static1
Behavioral task
behavioral1
Sample
900b37ee382fd656f8671eb7feae008e425be07d7f59b73b8f6715e71c9d1b84N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
900b37ee382fd656f8671eb7feae008e425be07d7f59b73b8f6715e71c9d1b84N.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
900b37ee382fd656f8671eb7feae008e425be07d7f59b73b8f6715e71c9d1b84N.exe
-
Size
1.8MB
-
MD5
dedd1b5e4e360ce2832cbf0608f33820
-
SHA1
a45c7b30b9e9822c3107e2252b209feb316645c6
-
SHA256
900b37ee382fd656f8671eb7feae008e425be07d7f59b73b8f6715e71c9d1b84
-
SHA512
92b968798bb7b9ad53720dcf4dc9905e525e8c1f421cd8c4bddf672517403663be015a1b4293ac245dea343217d8f6a6d5aef38b03adcf44b8c9cf1b14b47673
-
SSDEEP
49152:ALIUXQgBiI6i2KFU0yBfM7a9QDosGeo403e0CpcKYGIDlWIwRBOn5PvGYKMf/1ZS:cIUXQgBiI6i2KFU0yBfM7a9QDosGeo4B
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3