General

  • Target

    40f0f6f1258e5106a2809922fba2b4fcca7d357ddc08644850a2482985f45d87N.exe

  • Size

    2.4MB

  • Sample

    250125-a1cs4ayjaq

  • MD5

    08c7eb67dd624e26ad1a7bf646a822f0

  • SHA1

    b7b7ad5a86fdab4f29b11cee6f9110986e9bc913

  • SHA256

    40f0f6f1258e5106a2809922fba2b4fcca7d357ddc08644850a2482985f45d87

  • SHA512

    152d1f23bdfa6c9cddb01809fe1d45fb34f967fe05720d13d143f8580054378c0c835c878db342773dd93e702dd96f6a0282e3ccd81a5d563bdac8fdd67c2de5

  • SSDEEP

    49152:2Ko2gzhGqxIaWeSkKkAQOQ1y7GklXRYxxTttMs+xyPFRwGJnunLp9u0XsA5cl+6C:f+zhGqx3WeSkKkAQOQ1y7PlXRYxxTttw

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks