General

  • Target

    6be06b45ddc770f14763509cfda036caf297d2037df4d09f7ab40b21236745ee.exe

  • Size

    1.8MB

  • Sample

    250124-17qlms1pds

  • MD5

    1968eb9d3c684f8c15c7757f889447c9

  • SHA1

    49f7d1056c652ae099ddab53ce29dfccb285aa58

  • SHA256

    6be06b45ddc770f14763509cfda036caf297d2037df4d09f7ab40b21236745ee

  • SHA512

    9fee9a9f1ee1e88cf8ef13491f00e643853227f9b29bc439e0e346f842515a099532bda15826e0cc29dd5f3073a9539dda6cc4449bfe54dc12127aa29df50c40

  • SSDEEP

    49152:ALIUXQgBiI6i2KFU0yBfM7a9QDosGeo403e0CpcKYGIDlWIwRBOn5PvGYKMf/1Zw:cIUXQgBiI6i2KFU0yBfM7a9QDosGeo49

Malware Config

Targets

    • Target

      6be06b45ddc770f14763509cfda036caf297d2037df4d09f7ab40b21236745ee.exe

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks