General

  • Target

    980c4eaade62601319ef01e36710027079544439f42c61b0c421000bb04d8ef1N.exe

  • Size

    1.6MB

  • Sample

    250124-t5h1fsyphq

  • MD5

    a59cc81ba85c1990beff2a582acf01e0

  • SHA1

    f04e3574b2a3bf5f72ebfb1797339a771cbcbe78

  • SHA256

    980c4eaade62601319ef01e36710027079544439f42c61b0c421000bb04d8ef1

  • SHA512

    839972d190be9377ec24958d9c1e66500f8772e64a566adc4577a0935f43a6d019d419707cff7b79095781078893b0941e285425e7814b16b540eb238ab8dd75

  • SSDEEP

    12288:bB5a3hizhz/o456rn9lkQ8rxQslgBKR1jl9RL9BVnDXLmoIY7Tm+jZFluq9wd4Ue:bkB4tpHlgGjlLHlFoq2d5e

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
