General

  • Target

    55871e153520eeb29aece4f1ec4fb9ac1cef79029d6cf105d7593b0e098369d4.exe

  • Size

    1.7MB

  • Sample

    250123-j1y6rs1kg1

  • MD5

    21d91bb6928d9eaa2b375a9f9a1a5afa

  • SHA1

    effbe61a04d4281ae8999ad53f72c24421d80aae

  • SHA256

    55871e153520eeb29aece4f1ec4fb9ac1cef79029d6cf105d7593b0e098369d4

  • SHA512

    77d64fdc9c9c4b9c192e08722d3bcaa719ce9289df01603fb9043b0d01f28f47d54104bcd492951595c6a6f5617d005123e48b4629cdac184ab28aaabca2b3cc

  • SSDEEP

    24576:69SQXgnU56Gt4ULYVI8RGwvrK7/ckFLI78c2:KsnxUt

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.
