General

  • Target

    0a126393339279088d82f3fafdb15f3f4a5f8a3e84ca27d3f6d0840eeaca4831N.exe

  • Size

    1.6MB

  • Sample

    250124-y2cfqawpdv

  • MD5

    b309be07476f4fb5785f5c2fb6f00ef0

  • SHA1

    5787553b14ad6f073ec80593640ed05946bd9099

  • SHA256

    0a126393339279088d82f3fafdb15f3f4a5f8a3e84ca27d3f6d0840eeaca4831

  • SHA512

    378f4b7fa8c9863237fe3235616d557a9836c3f6c5554b73b5cd8b7e814cdb88fdc42df476fcc7437e9b32814263a0441808e6c44ae3d661ed0ace3ccc8511bb

  • SSDEEP

    12288:bB5a3hizhz/o456rn9lkQ8rxQslgBKR1jl9RL9BVnDXLmoIY7Tm+jZFluq9wd4UC:bkB4tpHlgGjlLHlFoq2d5C

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
