General
-
Target
0a126393339279088d82f3fafdb15f3f4a5f8a3e84ca27d3f6d0840eeaca4831N.exe
-
Size
1.6MB
-
Sample
250124-y2cfqawpdv
-
MD5
b309be07476f4fb5785f5c2fb6f00ef0
-
SHA1
5787553b14ad6f073ec80593640ed05946bd9099
-
SHA256
0a126393339279088d82f3fafdb15f3f4a5f8a3e84ca27d3f6d0840eeaca4831
-
SHA512
378f4b7fa8c9863237fe3235616d557a9836c3f6c5554b73b5cd8b7e814cdb88fdc42df476fcc7437e9b32814263a0441808e6c44ae3d661ed0ace3ccc8511bb
-
SSDEEP
12288:bB5a3hizhz/o456rn9lkQ8rxQslgBKR1jl9RL9BVnDXLmoIY7Tm+jZFluq9wd4UC:bkB4tpHlgGjlLHlFoq2d5C
Behavioral task
behavioral1
Sample
0a126393339279088d82f3fafdb15f3f4a5f8a3e84ca27d3f6d0840eeaca4831N.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
0a126393339279088d82f3fafdb15f3f4a5f8a3e84ca27d3f6d0840eeaca4831N.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
0a126393339279088d82f3fafdb15f3f4a5f8a3e84ca27d3f6d0840eeaca4831N.exe
-
Size
1.6MB
-
MD5
b309be07476f4fb5785f5c2fb6f00ef0
-
SHA1
5787553b14ad6f073ec80593640ed05946bd9099
-
SHA256
0a126393339279088d82f3fafdb15f3f4a5f8a3e84ca27d3f6d0840eeaca4831
-
SHA512
378f4b7fa8c9863237fe3235616d557a9836c3f6c5554b73b5cd8b7e814cdb88fdc42df476fcc7437e9b32814263a0441808e6c44ae3d661ed0ace3ccc8511bb
-
SSDEEP
12288:bB5a3hizhz/o456rn9lkQ8rxQslgBKR1jl9RL9BVnDXLmoIY7Tm+jZFluq9wd4UC:bkB4tpHlgGjlLHlFoq2d5C
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3