General

  • Target

    787f234d88f1bd3a671b7d2541af69a51514e5114eddda9da6a0053719294de5

  • Size

    1.8MB

  • Sample

    250123-c31n2syqcq

  • MD5

    74e78976b7842be76c134285da4f76ed

  • SHA1

    1c9cef69ab40e3dc24f48a7ad676547a1a2c77c2

  • SHA256

    787f234d88f1bd3a671b7d2541af69a51514e5114eddda9da6a0053719294de5

  • SHA512

    0879e21f65abe6e0d0a0e1208dfe5ec727ecf7a46b6b0ab38048bca5b285ccf8788cf635b9aa81806185714903d5adbab85d4d518db3a5d047bc2f7c570aed31

  • SSDEEP

    49152:ALIUXQgBiI6i2KFU0yBfM7a9QDosGeo403e0CpcKYGIDlWIwRBOn5PvGYKMf/1Z6:cIUXQgBiI6i2KFU0yBfM7a9QDosGeo4h
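The digests above are the only way to confirm that a file on your own disk is the sample this report describes, and the "UPX packed file" signature listed under Targets below tells you what you should expect to see in its section table. The script that follows is an added example, not part of the Triage report: it hashes a local file in chunks, compares the result with the report's values, and parses the PE section table with the standard library only to flag the usual UPX indicators. The `build_minimal_pe` fixture and the section-name list are constructed for the example; SSDEEP is a fuzzy hash outside the standard library and is deliberately left out.

```python
"""Static triage of a local file against the report above (added example)."""
import hashlib
import struct
import sys

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "74e78976b7842be76c134285da4f76ed",
    "sha1": "1c9cef69ab40e3dc24f48a7ad676547a1a2c77c2",
    "sha256": "787f234d88f1bd3a671b7d2541af69a51514e5114eddda9da6a0053719294de5",
    "sha512": "0879e21f65abe6e0d0a0e1208dfe5ec727ecf7a46b6b0ab38048bca5b285ccf8"
              "788cf635b9aa81806185714903d5adbab85d4d518db3a5d047bc2f7c570aed31",
}

# Section names left by stock UPX and by common modified builds (assumed list).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!", b".UPX0", b".UPX1"}


def digest_bytes(data):
    """Hex digests of `data` for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path, chunk_size=1 << 20):
    """Same digests, streamed, so a multi-megabyte sample is read once."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_hashes(found, expected=REPORT_HASHES):
    """Per-algorithm match against the report; hex compared case-insensitively."""
    return {name: found.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def pe_sections(data):
    """Return (name, virtual_size, raw_size) per section, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size               # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            break                              # truncated table: keep what we have
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, off)
        sections.append((name.rstrip(b"\0"), vsize, rsize))
    return sections


def upx_indicators(data):
    """Indicators a UPX rule keys on. A build with renamed sections still leaves
    its unpacking area as a first section with no raw data and a large virtual
    size, so that is reported alongside the section names."""
    sections = pe_sections(data)
    if sections is None:
        return {"is_pe": False, "upx_section_names": [], "empty_first_section": False}
    names = [s[0] for s in sections if s[0] in UPX_SECTION_NAMES]
    first_empty = bool(sections) and sections[0][2] == 0 and sections[0][1] > 0
    return {"is_pe": True, "upx_section_names": names, "empty_first_section": first_empty}


def looks_upx_packed(data):
    ind = upx_indicators(data)
    return bool(ind["upx_section_names"]) or ind["empty_first_section"]


def build_minimal_pe(sections):
    """Constructed fixture: a PE header with the given sections, not a runnable image."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = b"\0" * 0xE0                                           # PE32 optional header
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, v, 0x1000, r, 0, 0, 0, 0, 0, 0x60000020)
                     for n, v, r in sections)
    return dos + b"PE\0\0" + coff + opt + table


if __name__ == "__main__":
    path = sys.argv[1]
    print(compare_hashes(digest_file(path)))
    with open(path, "rb") as fh:
        print(upx_indicators(fh.read()))
```

Run it as `python triage.py sample.bin`. A file that matches SHA256 but not MD5 is not the report's sample at all; a matching set with `empty_first_section` true and no UPX names means a modified packer that strips the section names, which the Triage rule text also covers.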

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence the infection (run only in, or only outside, selected countries).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run registry key so the payload is launched again at user logon (persistence).

    • Suspicious use of SetThreadContext

      Rewrites another thread's register context. Outside a debugger this is almost always used to redirect execution into injected code (process hollowing or thread hijacking), typically after WriteProcessMemory into a suspended process.

    • UPX packed file

      Detects executables packed with UPX, an open-source packer, or with a modified UPX build. The rule reports packing only; the hashes above identify the packed file as submitted, and the sample must be unpacked before static analysis of the actual payload.
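The behavioural signatures above (Run key persistence, the registry country-code lookup, the SetThreadContext use and the firewall policy change) name the behaviour but not the calls or keys that fired them. The following added example, which is not part of the Triage report, encodes the usual indicators for each as detection rules over a flattened sandbox API trace. The trace format (one dict per event with `pid`, `api`, `args`), the registry paths and the sample events are all assumptions or constructed for the example; the firewall path is the classic `SharedAccess\Parameters\FirewallPolicy` exception list and the locale path is `Control Panel\International`, which is where Windows keeps the configured country.

```python
"""Behavioural signature checks over a constructed sandbox API trace (added example)."""
import re

# Registry locations behind each behaviour (assumed; the report names none).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
LOCALE_KEY = re.compile(r"\\Control Panel\\International(\\Geo\\Nation)?$", re.I)
LOCALE_VALUES = {"scountry", "icountry", "nation"}
FIREWALL_KEY = re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
NETSH_FIREWALL = re.compile(r"\bnetsh\b.*\bfirewall\b", re.I)
# Calls into another process that, before SetThreadContext on it, make up hollowing.
CONTEXT_PRECURSORS = {"WriteProcessMemory", "NtUnmapViewOfSection", "VirtualAllocEx"}

SIGNATURES = (
    "Adds Run key to start application",
    "Checks computer location settings",
    "Modifies firewall policy service",
    "Suspicious use of SetThreadContext",
)


def evaluate(events):
    """Return {signature name: [indices of events that triggered it]}."""
    hits = {name: [] for name in SIGNATURES}
    prepared = set()   # (caller pid, target pid) pairs that saw a hollowing precursor
    for i, e in enumerate(events):
        api, args = e["api"], e["args"]
        key = args.get("key", "")
        if api.startswith("RegSetValueEx") and RUN_KEY.search(key):
            hits["Adds Run key to start application"].append(i)
        if (api.startswith("RegQueryValueEx") and LOCALE_KEY.search(key)
                and args.get("value", "").lower() in LOCALE_VALUES):
            hits["Checks computer location settings"].append(i)
        if (api.startswith("RegSetValueEx") and FIREWALL_KEY.search(key)) or (
                api.startswith("CreateProcess") and NETSH_FIREWALL.search(args.get("cmdline", ""))):
            hits["Modifies firewall policy service"].append(i)
        if api in CONTEXT_PRECURSORS:
            prepared.add((e["pid"], args.get("target_pid")))
        if api == "SetThreadContext":
            target = args.get("target_pid")
            # Flag the hollowing sequence, and any cross-process context write at all;
            # a process touching its own thread context (e.g. exception handling) passes.
            if (e["pid"], target) in prepared or target != e["pid"]:
                hits["Suspicious use of SetThreadContext"].append(i)
    return hits


def triggered(events):
    """Sorted names of the signatures that fired at least once."""
    return sorted(name for name, idx in evaluate(events).items() if idx)


# Constructed trace: loader 1200 geofences, hollows a suspended child 1340,
# and the child persists and opens the firewall for itself.
DROPPED = r"C:\Users\Public\update.exe"
SAMPLE_TRACE = [
    {"pid": 1200, "api": "RegOpenKeyExW", "args": {"key": r"HKCU\Control Panel\International"}},
    {"pid": 1200, "api": "RegQueryValueExW", "args": {"key": r"HKCU\Control Panel\International", "value": "sCountry"}},
    {"pid": 1200, "api": "CreateProcessW", "args": {"cmdline": DROPPED, "target_pid": 1340, "flags": 0x4}},
    {"pid": 1200, "api": "NtUnmapViewOfSection", "args": {"target_pid": 1340}},
    {"pid": 1200, "api": "WriteProcessMemory", "args": {"target_pid": 1340, "address": 0x400000, "size": 0x2C000}},
    {"pid": 1200, "api": "SetThreadContext", "args": {"target_pid": 1340}},
    {"pid": 1200, "api": "ResumeThread", "args": {"target_pid": 1340}},
    {"pid": 1340, "api": "RegSetValueExW", "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "update", "data": DROPPED}},
    {"pid": 1340, "api": "RegSetValueExW", "args": {"key": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List", "value": DROPPED, "data": DROPPED + ":*:Enabled:update"}},
]

# Constructed benign trace: own settings, own thread context, nothing flagged.
BENIGN_TRACE = [
    {"pid": 2000, "api": "RegQueryValueExW", "args": {"key": r"HKCU\Software\Vendor\App", "value": "Theme"}},
    {"pid": 2000, "api": "RegSetValueExW", "args": {"key": r"HKCU\Software\Vendor\App", "value": "LastRun", "data": "1"}},
    {"pid": 2000, "api": "SetThreadContext", "args": {"target_pid": 2000}},
]

if __name__ == "__main__":
    for name, idx in evaluate(SAMPLE_TRACE).items():
        print(f"{name}: {idx}")
```

The rules return event indices rather than booleans so an analyst can jump from a fired signature back to the exact call in the trace; the child-process hits (indices 7 and 8) also show why a sandbox must follow dropped and hollowed processes, not just the submitted one.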
