General

  • Target

    faba4eae5de608253e9eee240b64e77e828cc7c3709da74d07a7339a60c06582N.exe

  • Size

    677KB

  • Sample

    250123-ecbncasjal

  • MD5

    ae591216c230bf3ffd16916cd35c6bf0

  • SHA1

    3d0059e7479eb031edf2e8fc010921857dbc9422

  • SHA256

    faba4eae5de608253e9eee240b64e77e828cc7c3709da74d07a7339a60c06582

  • SHA512

    a96708ba292172af4bf77d8cd781430ef3c2671355a7092a6bf4e2dd166e633602a1a7f05cff83a9770f4eb7263a7b38748b0144d76d3c117d10873e93b55c30

  • SSDEEP

    12288:9kiL11aPKT1F5Vs+TVonB7krqRTUWfIVzJVUYMiGx/OHWtWOaO:9ki+PKT1F5S7BgORTWJOXBSO

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
