General
-
Target
1c90d20fb5fd4b646aff6a56ef4cec6e0ab06d5dd81bff49fd0e755a64cb4e07
-
Size
293KB
-
Sample
250122-zy86yswjay
-
MD5
527c4a09af241f239be730cb7124d4b4
-
SHA1
52cc6e477b5aa374cfb9bf570c1b9e2ff2dee255
-
SHA256
1c90d20fb5fd4b646aff6a56ef4cec6e0ab06d5dd81bff49fd0e755a64cb4e07
-
SHA512
2ed6787fa0ab174c4dbee4482b6d7d5088db0eee5bef8b982c24c4b7def2d294e928290fde590f0ab4df8ba586fefd33a68943c021d189a48343decb99074cd5
-
SSDEEP
6144:g750HizPy7n+g47wSAr2QxMcnpjRBM8Aat6E5PB0beIwa2pX8EIHBZrfxoS4iJa:Diz+n87tArhxVjVAA6aPBwSXrk7rJoSs
Behavioral task
behavioral1
Sample
1c90d20fb5fd4b646aff6a56ef4cec6e0ab06d5dd81bff49fd0e755a64cb4e07.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
1c90d20fb5fd4b646aff6a56ef4cec6e0ab06d5dd81bff49fd0e755a64cb4e07.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
1c90d20fb5fd4b646aff6a56ef4cec6e0ab06d5dd81bff49fd0e755a64cb4e07
-
Size
293KB
-
MD5
527c4a09af241f239be730cb7124d4b4
-
SHA1
52cc6e477b5aa374cfb9bf570c1b9e2ff2dee255
-
SHA256
1c90d20fb5fd4b646aff6a56ef4cec6e0ab06d5dd81bff49fd0e755a64cb4e07
-
SHA512
2ed6787fa0ab174c4dbee4482b6d7d5088db0eee5bef8b982c24c4b7def2d294e928290fde590f0ab4df8ba586fefd33a68943c021d189a48343decb99074cd5
-
SSDEEP
6144:g750HizPy7n+g47wSAr2QxMcnpjRBM8Aat6E5PB0beIwa2pX8EIHBZrfxoS4iJa:Diz+n87tArhxVjVAA6aPBwSXrk7rJoSs
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3