General

  • Target

    2af63065df4bc6994d3c849ae9597877986b4b51e1d1aeaf3105253a8b5a9ae2.exe

  • Size

    2.4MB

  • Sample

    250124-2ar9mssreq

  • MD5

    c09998681aed93789c27147669786ccc

  • SHA1

    c7f15dfa407c1164acb3633653c674580584818e

  • SHA256

    2af63065df4bc6994d3c849ae9597877986b4b51e1d1aeaf3105253a8b5a9ae2

  • SHA512

    6be39b145e4454f35a7212f0595d0eaba97b3caf412d0036999be98c18b358b841c2d8719bc37f76af9eaba667b8d0e395da21a4e3bb71c7baf809596870ba10

  • SSDEEP

    49152:2Ko2gzhGqxIaWeSkKkAQOQ1y7GklXRYxxTttMs+xyPFRwGJnunLp9u0XsA5cl+6W:f+zhGqx3WeSkKkAQOQ1y7PlXRYxxTttA

Malware Config

Targets

    • Target

      2af63065df4bc6994d3c849ae9597877986b4b51e1d1aeaf3105253a8b5a9ae2.exe

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks