General

  • Target

    81a616d971a3450fd9b0243e7863e6ce7e8426128d3d73f18c0c9766e4362524.exe

  • Size

    2.0MB

  • Sample

    250123-cwdwpsymfl

  • MD5

    9ef04b1ee9f2f6fbc8a891b787828b59

  • SHA1

    8b8db01d98efe8e296e84bc5617bfe365aa889fc

  • SHA256

    81a616d971a3450fd9b0243e7863e6ce7e8426128d3d73f18c0c9766e4362524

  • SHA512

    8666acaff6ef82914f109aefaab42876706e3c46c4e2fef242650d988aab9e1f7b0f55b4fe9b453a6f1ba3a460d93563b8faaa2aa54a520aa626b152918d7209

  • SSDEEP

    49152:MsThC6TYNwUXz+JR2wjx8+X5gZ+th1aaucQPfM7cSCGDt7WWcrRhajx3l7bQonWC:MsThC6TYNwUXz+JR2wjx8+JgZ+th1aad

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks