General
- Target: 55871e153520eeb29aece4f1ec4fb9ac1cef79029d6cf105d7593b0e098369d4.exe
- Size: 1.7MB
- Sample: 250123-j1y6rs1kg1
- MD5: 21d91bb6928d9eaa2b375a9f9a1a5afa
- SHA1: effbe61a04d4281ae8999ad53f72c24421d80aae
- SHA256: 55871e153520eeb29aece4f1ec4fb9ac1cef79029d6cf105d7593b0e098369d4
- SHA512: 77d64fdc9c9c4b9c192e08722d3bcaa719ce9289df01603fb9043b0d01f28f47d54104bcd492951595c6a6f5617d005123e48b4629cdac184ab28aaabca2b3cc
- SSDEEP: 24576:69SQXgnU56Gt4ULYVI8RGwvrK7/ckFLI78c2:KsnxUt
Static task: static1

Behavioral task: behavioral1
- Sample: 55871e153520eeb29aece4f1ec4fb9ac1cef79029d6cf105d7593b0e098369d4.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: 55871e153520eeb29aece4f1ec4fb9ac1cef79029d6cf105d7593b0e098369d4.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 55871e153520eeb29aece4f1ec4fb9ac1cef79029d6cf105d7593b0e098369d4.exe (the same sample described under General above; size and hashes identical)
Signatures:
- Blackshades family
- Blackshades payload
- Modifies WinLogon for persistence
- Modifies firewall policy service
- UAC bypass
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15 (tactic, technique, sub-technique; count of matching signatures in parentheses)

Persistence
- Boot or Logon Autostart Execution (4)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (4)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (2)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (1)
- Modify Registry (7)