General
- Target: 034b364dcbfa718af2b4748e086786c3c9b51719737344d41cbb5102c827dbc1.exe
- Size: 1.7MB
- Sample: 250122-ygxadsskh1
- MD5: 46134a0d5a82431a6d4ec02f2ad70f4c
- SHA1: eb8a3b3f2b31be5535f8f427ebe56700016166fb
- SHA256: 034b364dcbfa718af2b4748e086786c3c9b51719737344d41cbb5102c827dbc1
- SHA512: 058f9f21216e4d9911d993dbd132c12e61011662b27a4d93af7892c6a762913a52140d7a6d66713201ac31ee3bfaca6726b7929721f98e57fbd921e95318e70b
- SSDEEP: 12288:DZISeMFVhdL1XBvXxzGNABnwHdxkn7L1GzR1FYoxkM2N4JHUcTwoSs:VIW0rXi1GzRQo08/
Behavioral task behavioral1
- Sample: 034b364dcbfa718af2b4748e086786c3c9b51719737344d41cbb5102c827dbc1.exe
- Resource: win7-20240903-en
Behavioral task behavioral2
- Sample: 034b364dcbfa718af2b4748e086786c3c9b51719737344d41cbb5102c827dbc1.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 034b364dcbfa718af2b4748e086786c3c9b51719737344d41cbb5102c827dbc1.exe
- Size: 1.7MB
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)
Defense Evasion
- Impair Defenses: Disable or Modify System Firewall (1)
- Modify Registry (3)
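Added example (editor's code, not part of the sandbox report and not the sample's code): a small Python triage helper that acts on the findings above. It checks a candidate file against the MD5/SHA1/SHA256/SHA512 values the report publishes, and it maps registry activity onto the report's behaviour signatures and ATT&CK techniques. The registry records it runs over are constructed Sysmon-style events, not the sandbox's own trace; the registry paths assigned to each signature, the technique IDs, and the dropped-file and value names are the editor's assumptions, not facts stated in the report.

```python
"""Editor-added triage helper for the sandbox report above.

Not the sandbox's code and not the sample's code. Two checks a responder
would run against the report's findings:

  1. match_hashes()/match_file(): does a candidate file match the
     MD5/SHA1/SHA256/SHA512 values the report publishes?
  2. classify_registry_events(): map registry activity (constructed
     Sysmon-style records below) onto the report's behaviour signatures
     and ATT&CK techniques.

Assumptions not stated in the report: which registry path each signature
corresponds to and the technique IDs are the editor's mapping.
"""
import hashlib
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Copied from the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "46134a0d5a82431a6d4ec02f2ad70f4c",
    "sha1": "eb8a3b3f2b31be5535f8f427ebe56700016166fb",
    "sha256": "034b364dcbfa718af2b4748e086786c3c9b51719737344d41cbb5102c827dbc1",
    "sha512": ("058f9f21216e4d9911d993dbd132c12e61011662b27a4d93af7892c6a762913a"
               "52140d7a6d66713201ac31ee3bfaca6726b7929721f98e57fbd921e95318e70b"),
}


def compute_hashes(data: bytes, algorithms: Iterable[str] = tuple(REPORT_HASHES)) -> Dict[str, str]:
    """Hex digests of `data` for each named hashlib algorithm."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in algorithms}


def match_hashes(data: bytes, iocs: Dict[str, str] = REPORT_HASHES) -> List[str]:
    """Names of the algorithms whose digest of `data` equals the IOC value.

    Treat a SHA256/SHA512 hit as identification; an MD5-only hit is weak
    evidence because MD5 collisions are practical.
    """
    computed = compute_hashes(data, tuple(iocs))
    return sorted(alg for alg, digest in iocs.items() if computed[alg] == digest.lower())


def match_file(path: str, iocs: Dict[str, str] = REPORT_HASHES) -> List[str]:
    """Same check for a file on disk (the sample is 1.7MB, so reading it whole is fine)."""
    with open(path, "rb") as fh:
        return match_hashes(fh.read(), iocs)


@dataclass(frozen=True)
class Rule:
    signature: str            # behaviour name as the report words it
    technique: str            # ATT&CK technique (editor's mapping)
    path_re: "re.Pattern"     # matched against the registry path
    event_types: Tuple[str, ...]


RULES: Tuple[Rule, ...] = (
    Rule("Adds Run key to start application",
         "T1547.001 Registry Run Keys / Startup Folder",
         re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I),
         ("SetValue",)),
    Rule("Modifies firewall policy service",
         "T1562.004 Disable or Modify System Firewall",
         re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I),
         ("SetValue", "CreateKey", "DeleteValue")),
    Rule("Windows Service (Create or Modify System Process)",
         "T1543.003 Windows Service",
         re.compile(r"\\Services\\[^\\]+\\(ImagePath|Start)$", re.I),
         ("SetValue",)),
    Rule("Checks computer location settings",
         "T1614 System Location Discovery (not in the report's ATT&CK table)",
         re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
         ("QueryValue",)),
)

# Constructed records in the shape of Sysmon Event ID 12/13 (EventType,
# TargetObject, Image). Illustrative only, not the sandbox's trace. Sysmon
# does not log value reads, so the QueryValue record would in practice come
# from an API-monitor trace rather than Sysmon.
SAMPLE_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\034b364dcbfa718af2b4748e086786c3c9b51719737344d41cbb5102c827dbc1.exe"
SAMPLE_EVENTS = [
    {"type": "SetValue", "image": SAMPLE_IMAGE,
     "path": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate"},
    {"type": "SetValue", "image": SAMPLE_IMAGE,
     "path": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
             r"\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\winupd.exe"},
    {"type": "QueryValue", "image": SAMPLE_IMAGE,
     "path": r"HKU\S-1-5-21-1000\Control Panel\International\Geo\Nation"},
    {"type": "SetValue", "image": SAMPLE_IMAGE,
     "path": r"HKLM\SYSTEM\CurrentControlSet\Services\WinUpdSvc\ImagePath"},
    # benign noise that must not match any rule
    {"type": "SetValue", "image": r"C:\Windows\explorer.exe",
     "path": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]


def classify_registry_events(events: Iterable[dict]) -> List[Tuple[str, str, str]]:
    """(signature, technique, registry path) for every event some rule matches."""
    hits = []
    for ev in events:
        for rule in RULES:
            if ev["type"] in rule.event_types and rule.path_re.search(ev["path"]):
                hits.append((rule.signature, rule.technique, ev["path"]))
    return hits


def technique_counts(hits: Iterable[Tuple[str, str, str]]) -> Dict[str, int]:
    """Per-technique hit counts, the same shape as the report's ATT&CK table."""
    return dict(Counter(technique for _sig, technique, _path in hits))


if __name__ == "__main__":
    hits = classify_registry_events(SAMPLE_EVENTS)
    for sig, technique, path in hits:
        print(f"{sig:50s} {technique}\n    {path}")
    print(technique_counts(hits))
```

Run it as a script to see the four constructed events classified and the benign Explorer write ignored; point `match_file()` at a quarantined copy of the sample to confirm it is the file the report describes before relying on the rest of the report.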