General

  • Target

    034b364dcbfa718af2b4748e086786c3c9b51719737344d41cbb5102c827dbc1.exe

  • Size

    1.7MB

  • Sample

    250122-ygxadsskh1

  • MD5

    46134a0d5a82431a6d4ec02f2ad70f4c

  • SHA1

    eb8a3b3f2b31be5535f8f427ebe56700016166fb

  • SHA256

    034b364dcbfa718af2b4748e086786c3c9b51719737344d41cbb5102c827dbc1

  • SHA512

    058f9f21216e4d9911d993dbd132c12e61011662b27a4d93af7892c6a762913a52140d7a6d66713201ac31ee3bfaca6726b7929721f98e57fbd921e95318e70b

  • SSDEEP

    12288:DZISeMFVhdL1XBvXxzGNABnwHdxkn7L1GzR1FYoxkM2N4JHUcTwoSs:VIW0rXi1GzRQo08/

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15