General

  • Target

    031bd5da6761a8372e29a21decdcdcaaa964ca2999d0ac7a685b8e8f48fb8dab.exe

  • Size

    285KB

  • Sample

    250124-tptf9ayjdm

  • MD5

    fe087511e80bd55748b63230ba5d7767

  • SHA1

    ae6d9f8915f4feb29fb67037d6d2b3a7f1006a64

  • SHA256

    031bd5da6761a8372e29a21decdcdcaaa964ca2999d0ac7a685b8e8f48fb8dab

  • SHA512

    78955d7785cb6fc75d6b6b068a56687ffedd6fd4b7a162c9ccd9f1f9193a5728d506a1818146db75e693a79bca0d178b172e160a67b30a83f670ff069b958dff

  • SSDEEP

    6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHLw:NBaBnmtOwq/+1MkU68raJRHua8G9Lco6

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks