General

  • Target: 03ea5fc152e125e58a9606086cca2645774121f9233509a4117cc2a7f5277260.exe
  • Size: 1.8MB
  • Sample: 250122-vglbcaxjfl
  • MD5: 93aae5d855bfd27f01fe5f691a1a8bf4
  • SHA1: aaa5a0b6c66203870fb77350ecdb6401c73ed93d
  • SHA256: 03ea5fc152e125e58a9606086cca2645774121f9233509a4117cc2a7f5277260
  • SHA512: 5bbcc60024db6b42bf07925e7e3447e834d8b0f2e24666b1404b1f9beb4a1419f1e0cf89c65617f416bf73aee78fab866f4189bc015a86266980c42d5056831d
  • SSDEEP: 49152:ALIUXQgBiI6i2KFU0yBfM7a9QDosGeo403e0CpcKYGIDlWIwRBOn5PvGYKMf/1Z2:cIUXQgBiI6i2KFU0yBfM7a9QDosGeo4r

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15