General

  • Target

    36d0de0ae2d618e4ebdd8cf62e209503cd53263437219095ee80a2ea2daba173N.exe

  • Size

    2.4MB

  • Sample

    250124-q9nvqa1pfx

  • MD5

    abdf46524304117605f50b531d946590

  • SHA1

    8f7af0c642b8f9cbac7ee261a96576ae126fe58b

  • SHA256

    36d0de0ae2d618e4ebdd8cf62e209503cd53263437219095ee80a2ea2daba173

  • SHA512

    e3d2b3a3a33b4fa75cb69ee84fd084851a98c3f8ede314e6833eccc0234230139cbb52eddbaba7fcee297dc4459ccab1e5932d289e0efb7e865d81a995d24da7

  • SSDEEP

    49152:2Ko2gzhGqxIaWeSkKkAQOQ1y7GklXRYxxTttMs+xyPFRwGJnunLp9u0XsA5cl+6R:f+zhGqx3WeSkKkAQOQ1y7PlXRYxxTttX

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks