General

  • Target

    805b505c7284a50c190bb8f74b293504173f712a44dba74354a59d233e3367d8N.exe

  • Size

    2.4MB

  • Sample

    250124-3bd9vavpfl

  • MD5

    04654c0e76a5904fa26b986cde2b2580

  • SHA1

    1daead9736abacc5f81c6b91e8e80d378074a452

  • SHA256

    805b505c7284a50c190bb8f74b293504173f712a44dba74354a59d233e3367d8

  • SHA512

    b2061c22c07aaee7505689e7f3c185b57ad843902c58d4167554c43a33b10536a298384ed73d26f1659738473391a415c651ae592b715a4ed1df8f6aaceb2980

  • SSDEEP

    49152:5Ko2gzhGqxIaWeSkKkAQOQ1y7GklXRYxxTttMs+xyPFRwGJnunLp9u0XsA5cl+6b:I+zhGqx3WeSkKkAQOQ1y7PlXRYxxTttF
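The hashes above identify the analyzed file; the first thing a practitioner does with a report like this is confirm that the sample in hand is actually the one that was detonated. The following is an added example, not part of the report or of the sandbox's own tooling: a Python helper that recomputes MD5, SHA-1, SHA-256 and SHA-512 of a file in streaming fashion and compares them with the values listed in this report (the SSDEEP fuzzy hash is not recomputed, since that needs the separate ssdeep library). The test input bytes used in the usage note are constructed, not sample data.

```python
import hashlib
import sys
from typing import Dict, Mapping

# Hashes exactly as listed in this report for the analyzed sample.
REPORTED_HASHES: Dict[str, str] = {
    "md5": "04654c0e76a5904fa26b986cde2b2580",
    "sha1": "1daead9736abacc5f81c6b91e8e80d378074a452",
    "sha256": "805b505c7284a50c190bb8f74b293504173f712a44dba74354a59d233e3367d8",
    "sha512": "b2061c22c07aaee7505689e7f3c185b57ad843902c58d4167554c43a33b10536"
              "a298384ed73d26f1659738473391a415c651ae592b715a4ed1df8f6aaceb2980",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def _new_hashers() -> Dict[str, "hashlib._Hash"]:
    return {alg: hashlib.new(alg) for alg in ALGORITHMS}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return lowercase hex digests of an in-memory buffer for all ALGORITHMS."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in chunks so a multi-megabyte sample is never read whole."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def compare(actual: Mapping[str, str], expected: Mapping[str, str]) -> Dict[str, bool]:
    """Per-algorithm match table; comparison is case-insensitive on the hex digest.

    Only algorithms present in `expected` are checked, so a report that lists
    fewer hashes still verifies cleanly.
    """
    return {alg: actual[alg].lower() == digest.lower() for alg, digest in expected.items()}


def verify_file(path: str, expected: Mapping[str, str] = REPORTED_HASHES) -> Dict[str, bool]:
    """Recompute every listed hash of `path` and compare against the report."""
    return compare(hash_file(path), expected)


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    # (verify_sample.py is an assumed file name for this example.)
    if len(sys.argv) != 2:
        sys.exit("usage: verify_sample.py <file>")
    results = verify_file(sys.argv[1])
    for alg, ok in results.items():
        print(f"{alg:7s} {'OK' if ok else 'MISMATCH'}")
    # Any single mismatch means this is not the file the report describes.
    sys.exit(0 if all(results.values()) else 1)
```

Every algorithm is checked rather than SHA-256 alone so that a report with a transcription error in one hash field still lets you spot which field is wrong instead of rejecting the sample outright; a mismatch in every field means you have a different file (for example a repacked or re-signed build), which is the normal case when a detection only matched on the SSDEEP fuzzy hash.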

Targets

    • Target

      805b505c7284a50c190bb8f74b293504173f712a44dba74354a59d233e3367d8N.exe

    • Size

      2.4MB

    • MD5

      04654c0e76a5904fa26b986cde2b2580

    • SHA1

      1daead9736abacc5f81c6b91e8e80d378074a452

    • SHA256

      805b505c7284a50c190bb8f74b293504173f712a44dba74354a59d233e3367d8

    • SHA512

      b2061c22c07aaee7505689e7f3c185b57ad843902c58d4167554c43a33b10536a298384ed73d26f1659738473391a415c651ae592b715a4ed1df8f6aaceb2980

    • SSDEEP

      49152:5Ko2gzhGqxIaWeSkKkAQOQ1y7GklXRYxxTttMs+xyPFRwGJnunLp9u0XsA5cl+6b:I+zhGqx3WeSkKkAQOQ1y7PlXRYxxTttF

    • Blackshades

      Blackshades is a commercially sold remote access trojan (RAT); its capabilities include keylogging, screen and webcam capture, file transfer, and use of the victim machine in DDoS attacks.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check used to avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15