General

  • Target

    9dd36c01fb8ace4decd97a77887ca7e9ab1634061f3061392088391266c64e27.exe

  • Size

    520KB

  • Sample

    250124-2afkvasrdk

  • MD5

    370a13df216aabb87da8391e74b19875

  • SHA1

    1b5c73ca10a879fae198045619b3438bb56a6598

  • SHA256

    9dd36c01fb8ace4decd97a77887ca7e9ab1634061f3061392088391266c64e27

  • SHA512

    4662cb2f569ff0a7506f9773b24592f7a4076583010452acbf5524db968ad70bed839cb95341550a56ad5e7781ffab4272ec25a93644def56e24e6819c19ac47

  • SSDEEP

    12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXC:zW6ncoyqOp6IsTl/mXC

Malware Config

Targets

    • Target

      9dd36c01fb8ace4decd97a77887ca7e9ab1634061f3061392088391266c64e27.exe

    • Size

      520KB

    • MD5

      370a13df216aabb87da8391e74b19875

    • SHA1

      1b5c73ca10a879fae198045619b3438bb56a6598

    • SHA256

      9dd36c01fb8ace4decd97a77887ca7e9ab1634061f3061392088391266c64e27

    • SHA512

      4662cb2f569ff0a7506f9773b24592f7a4076583010452acbf5524db968ad70bed839cb95341550a56ad5e7781ffab4272ec25a93644def56e24e6819c19ac47

    • SSDEEP

      12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXC:zW6ncoyqOp6IsTl/mXC

    • Blackshades

      Blackshades (sold as BlackShades NET) is a commodity remote access trojan whose capabilities include remote desktop control, keylogging, webcam capture, file access and DDoS.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Reads the country code configured in the registry (typically the Nation value under HKCU\Control Panel\International\Geo), most likely to geofence execution to or away from certain countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
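
    The behaviour tags above are the sandbox's summary of what the sample did; the example below, which is added here and is not part of the report or of any sandbox's own code, shows how each tag maps to a concrete API or registry indicator by re-deriving the same tags from a constructed API trace. The trace, the event field names and the process IDs are invented for illustration; the registry paths for the Run key, the firewall policy and the Geo\Nation location setting are real Windows locations, and the CreateProcess-with-CREATE_SUSPENDED followed by SetThreadContext sequence is the usual process-hollowing pattern. The mapping of "Modifies firewall policy service" to writes under SharedAccess\Parameters\FirewallPolicy is an assumption about how that tag is defined.

```python
import re

GENERIC_WRITE = 0x40000000      # CreateFileW dwDesiredAccess bit
CREATE_SUSPENDED = 0x00000004   # CreateProcessW dwCreationFlags bit

# Registry locations behind three of the report's tags.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
FIREWALL_KEY = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo", re.I)

# Constructed API trace (not taken from the report): pid 1200 behaves like the
# sample, pid 1300 is a benign control that touches similar APIs harmlessly.
TRACE = [
    {"pid": 1200, "api": "CreateFileW", "args": {
        "lpFileName": r"C:\Users\Admin\AppData\Local\Temp\svc.exe",
        "dwDesiredAccess": GENERIC_WRITE}},
    {"pid": 1200, "api": "CreateFileW", "args": {
        "lpFileName": r"C:\Users\Admin\AppData\Local\Temp\helper.dll",
        "dwDesiredAccess": GENERIC_WRITE}},
    {"pid": 1200, "api": "RegQueryValueExW", "args": {
        "hKey": r"HKCU\Control Panel\International\Geo", "lpValueName": "Nation"}},
    {"pid": 1200, "api": "RegSetValueExW", "args": {
        "hKey": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
                r"\FirewallPolicy\StandardProfile",
        "lpValueName": "EnableFirewall", "data": 0}},
    {"pid": 1200, "api": "RegSetValueExW", "args": {
        "hKey": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
        "lpValueName": "svc",
        "data": r"C:\Users\Admin\AppData\Local\Temp\svc.exe"}},
    {"pid": 1200, "api": "LoadLibraryW", "args": {
        "lpLibFileName": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"}},
    {"pid": 1200, "api": "CreateProcessW", "args": {
        "lpApplicationName": r"C:\Users\Admin\AppData\Local\Temp\svc.exe",
        "dwCreationFlags": CREATE_SUSPENDED}},
    {"pid": 1200, "api": "SetThreadContext", "args": {"hThread": 0x2A8}},
    {"pid": 1200, "api": "ResumeThread", "args": {"hThread": 0x2A8}},
    # Benign control: loads a system DLL, reads an unrelated key, and calls
    # SetThreadContext without having created a suspended child (debugger-like).
    {"pid": 1300, "api": "LoadLibraryW", "args": {
        "lpLibFileName": r"C:\Windows\System32\kernel32.dll"}},
    {"pid": 1300, "api": "RegQueryValueExW", "args": {
        "hKey": r"HKCU\Software\Classes", "lpValueName": "Default"}},
    {"pid": 1300, "api": "SetThreadContext", "args": {"hThread": 0x1F0}},
]


def tag_trace(trace):
    """Return {pid: sorted list of behaviour tags} derived from an API trace.

    State kept per process: files it opened for writing (so that a later
    CreateProcessW or LoadLibraryW of that path counts as "dropped"), and
    whether it spawned a CREATE_SUSPENDED child (so that SetThreadContext
    counts as the hollowing pattern rather than ordinary thread handling).
    """
    tags, written, suspended = {}, {}, {}
    for ev in trace:
        pid, api, a = ev["pid"], ev["api"], ev["args"]
        t = tags.setdefault(pid, set())
        w = written.setdefault(pid, set())
        if api == "CreateFileW" and a["dwDesiredAccess"] & GENERIC_WRITE:
            w.add(a["lpFileName"].lower())
        elif api == "RegQueryValueExW" and GEO_KEY.search(a["hKey"]):
            t.add("Checks computer location settings")
        elif api == "RegSetValueExW":
            if RUN_KEY.search(a["hKey"]):
                t.add("Adds Run key to start application")
            if FIREWALL_KEY.search(a["hKey"]):
                t.add("Modifies firewall policy service")
        elif api == "LoadLibraryW" and a["lpLibFileName"].lower() in w:
            t.add("Loads dropped DLL")
        elif api == "CreateProcessW":
            if a["lpApplicationName"].lower() in w:
                t.add("Executes dropped EXE")
            if a["dwCreationFlags"] & CREATE_SUSPENDED:
                suspended[pid] = True
        elif api == "SetThreadContext" and suspended.get(pid):
            t.add("Suspicious use of SetThreadContext")
    return {pid: sorted(s) for pid, s in tags.items()}


if __name__ == "__main__":
    for pid, found in tag_trace(TRACE).items():
        print(pid, found)
```

    Run stand-alone it prints the six tags for pid 1200 and an empty list for pid 1300; the control process shows why the SetThreadContext tag is only raised when the same process first created a suspended child, which is what separates hollowing from a debugger or a thread-pool implementation calling the same API.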

MITRE ATT&CK Enterprise v15

Tasks