General

  • Target

    54fae19ed79846c2aa93686362c940d10f8865aa00e39e8047550b68464a47f4N.exe

  • Size

    2.0MB

  • Sample

    250123-bnhn9awldp

  • MD5

    9cd4010b4cdba0b91ff7ef07bbdf31a0

  • SHA1

    c8bfad8918128b28125101a5357f5006bf9a454e

  • SHA256

    54fae19ed79846c2aa93686362c940d10f8865aa00e39e8047550b68464a47f4

  • SHA512

    738818884f7e5c54de2c98b3437c51491aaf95599b7a204021a9150625096fb72ad97ceec2ed3b79ebc02dd5b0d934442f097e4cbe525e0e612e86fe928792dc

  • SSDEEP

    49152:fmTWr53HxurntpSJU2mN2xl42d91cKSd5W6l/p7AFWVBpG947fVr0YfwCCkB1mpV:fmTWr53HxurntpSJU2mN2xu2d91cKSdS

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified UPX.

MITRE ATT&CK Enterprise v15