General
-
Target
81a616d971a3450fd9b0243e7863e6ce7e8426128d3d73f18c0c9766e4362524.exe
-
Size
2.0MB
-
Sample
250123-cwdwpsymfl
-
MD5
9ef04b1ee9f2f6fbc8a891b787828b59
-
SHA1
8b8db01d98efe8e296e84bc5617bfe365aa889fc
-
SHA256
81a616d971a3450fd9b0243e7863e6ce7e8426128d3d73f18c0c9766e4362524
-
SHA512
8666acaff6ef82914f109aefaab42876706e3c46c4e2fef242650d988aab9e1f7b0f55b4fe9b453a6f1ba3a460d93563b8faaa2aa54a520aa626b152918d7209
-
SSDEEP
49152:MsThC6TYNwUXz+JR2wjx8+X5gZ+th1aaucQPfM7cSCGDt7WWcrRhajx3l7bQonWC:MsThC6TYNwUXz+JR2wjx8+JgZ+th1aad
Behavioral task
behavioral1
Sample
81a616d971a3450fd9b0243e7863e6ce7e8426128d3d73f18c0c9766e4362524.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
81a616d971a3450fd9b0243e7863e6ce7e8426128d3d73f18c0c9766e4362524.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
81a616d971a3450fd9b0243e7863e6ce7e8426128d3d73f18c0c9766e4362524.exe
-
Size
2.0MB
-
MD5
9ef04b1ee9f2f6fbc8a891b787828b59
-
SHA1
8b8db01d98efe8e296e84bc5617bfe365aa889fc
-
SHA256
81a616d971a3450fd9b0243e7863e6ce7e8426128d3d73f18c0c9766e4362524
-
SHA512
8666acaff6ef82914f109aefaab42876706e3c46c4e2fef242650d988aab9e1f7b0f55b4fe9b453a6f1ba3a460d93563b8faaa2aa54a520aa626b152918d7209
-
SSDEEP
49152:MsThC6TYNwUXz+JR2wjx8+X5gZ+th1aaucQPfM7cSCGDt7WWcrRhajx3l7bQonWC:MsThC6TYNwUXz+JR2wjx8+JgZ+th1aad
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3