General

  • Target

    1c90d20fb5fd4b646aff6a56ef4cec6e0ab06d5dd81bff49fd0e755a64cb4e07

  • Size

    293KB

  • Sample

    250122-zy86yswjay

  • MD5

    527c4a09af241f239be730cb7124d4b4

  • SHA1

    52cc6e477b5aa374cfb9bf570c1b9e2ff2dee255

  • SHA256

    1c90d20fb5fd4b646aff6a56ef4cec6e0ab06d5dd81bff49fd0e755a64cb4e07

  • SHA512

    2ed6787fa0ab174c4dbee4482b6d7d5088db0eee5bef8b982c24c4b7def2d294e928290fde590f0ab4df8ba586fefd33a68943c021d189a48343decb99074cd5

  • SSDEEP

    6144:g750HizPy7n+g47wSAr2QxMcnpjRBM8Aat6E5PB0beIwa2pX8EIHBZrfxoS4iJa:Diz+n87tArhxVjVAA6aPBwSXrk7rJoSs

Targets

    • Target

      1c90d20fb5fd4b646aff6a56ef4cec6e0ab06d5dd81bff49fd0e755a64cb4e07

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15