General

  • Target

    4b53dbc7eb114c72dc7020bc78d912e131293f6079a7d537e8624d04c0355899.exe

  • Size

    1.2MB

  • Sample

    250123-gtj26axlem

  • MD5

    7f264cc72851fdbcbdef8ea267aedd3d

  • SHA1

    fe3af35952ac9bea3831cea965adc544c2662441

  • SHA256

    4b53dbc7eb114c72dc7020bc78d912e131293f6079a7d537e8624d04c0355899

  • SHA512

    79971812196bfac3b6404acafb25ca76f4c914314042bfc91647dd4a851b200bb4c2e242ceb6c618a0c4cb9474daa041734d9595b7d1cec24df77454042b39a7

  • SSDEEP

    3072:gRRHyoBg8zJRAxuU+N6ET/d9ArfCS3VT62FQwiDefNbaSBVpMQRQ8imgCQIqi/ce:gRhoxrn/vmrqaTh2uMnuPea4g/Gcg

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
