General
Target: 805b505c7284a50c190bb8f74b293504173f712a44dba74354a59d233e3367d8N.exe
Size: 2.4MB
Sample: 250124-3bd9vavpfl
MD5: 04654c0e76a5904fa26b986cde2b2580
SHA1: 1daead9736abacc5f81c6b91e8e80d378074a452
SHA256: 805b505c7284a50c190bb8f74b293504173f712a44dba74354a59d233e3367d8
SHA512: b2061c22c07aaee7505689e7f3c185b57ad843902c58d4167554c43a33b10536a298384ed73d26f1659738473391a415c651ae592b715a4ed1df8f6aaceb2980
SSDEEP: 49152:5Ko2gzhGqxIaWeSkKkAQOQ1y7GklXRYxxTttMs+xyPFRwGJnunLp9u0XsA5cl+6b:I+zhGqx3WeSkKkAQOQ1y7PlXRYxxTttF

Behavioral task: behavioral1
Sample: 805b505c7284a50c190bb8f74b293504173f712a44dba74354a59d233e3367d8N.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: 805b505c7284a50c190bb8f74b293504173f712a44dba74354a59d233e3367d8N.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 805b505c7284a50c190bb8f74b293504173f712a44dba74354a59d233e3367d8N.exe
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (3)