General

  • Target

    72d3f4554a873df74aede20f18dd01ad2fd3b5cb3b36a9c2f9e38c31fc0270b6

  • Size

    1.7MB

  • Sample

    250125-b2mkcsynfx

  • MD5

    cb10151655359b35789142dc56e01368

  • SHA1

    ade23467272b60c6860a9e8f3c058a6b0d4ed189

  • SHA256

    72d3f4554a873df74aede20f18dd01ad2fd3b5cb3b36a9c2f9e38c31fc0270b6

  • SHA512

    bc92a3c12a707be884fea6691b50ee021b2304705ee27e04ec511cfc77dee02e4667dadc88ef618a0c95e62ed4c8feb77937146f3e3273d00e6260247fd6a9fe

  • SSDEEP

    12288:DZISeMFVhdL1XBvXxzGNABnwHdxkn7L1GzR1FYoxkM2N4JHUcTwoSx:VIW0rXi1GzRQo08K

Malware Config

Targets

    • Target

      72d3f4554a873df74aede20f18dd01ad2fd3b5cb3b36a9c2f9e38c31fc0270b6


    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks