General

  • Target

    334b63d525650a3301e3f3881e0987b42e2a1480c6fa7c0fe5a69e74877a5cb8.exe

  • Size

    1.6MB

  • Sample

    250124-q25hha1maw

  • MD5

    be184a9ee9a60fb31ee86588de4f1e09

  • SHA1

    f9cce985884530a6813af5005850601c7e4f4e80

  • SHA256

    334b63d525650a3301e3f3881e0987b42e2a1480c6fa7c0fe5a69e74877a5cb8

  • SHA512

    e42420636117a13b339f1ae469b50912822318e7977bee03edfbae83bb88e6618df9312ad65a801805172455e1bbc74d16a7db7b15d8448944f19ea90752d57d

  • SSDEEP

    12288:bB5a3hizhz/o456rn9lkQ8rxQslgBKR1jl9RL9BVnDXLmoIY7Tm+jZFluq9wd4Ue:bkB4tpHlgGjlLHlFoq2d5e

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.
