General

  • Target

    a9e31e65d334e7fd1f354005aee9056639b53c3c04519318e2e952e8dd9d88e5.exe

  • Size

    2.0MB

  • Sample

    250123-hed32axley

  • MD5

    0e49cf3004d74da579abd8e6ae95b018

  • SHA1

    e9c30b1621791d08b7609360b9924f26e9449010

  • SHA256

    a9e31e65d334e7fd1f354005aee9056639b53c3c04519318e2e952e8dd9d88e5

  • SHA512

    6b7f4b3bc18967d2ead4a1d2148a7a0199964d0e571f062dcf3c6d9be718faf628b219ce3431150af6ee4446f8dd103bfa4e539e36d4fb749f24c404e18c69f4

  • SSDEEP

    49152:MsThC6TYNwUXz+JR2wjx8+X5gZ+th1aaucQPfM7cSCGDt7WWcrRhajx3l7bQonWZ:MsThC6TYNwUXz+JR2wjx8+JgZ+th1aa2

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks