General

  • Target

    f3aa414528dc332b56d73a35cd48ebca554b08116be3e7589b7333e0344233a1N.exe

  • Size

    604KB

  • Sample

    250125-bbhhqayndn

  • MD5

    b97ff44955789b92d103e77f0840c670

  • SHA1

    b5e21583693f3a6147d6c0174ff5e763896b7ace

  • SHA256

    f3aa414528dc332b56d73a35cd48ebca554b08116be3e7589b7333e0344233a1

  • SHA512

    66f4b2d4f3743c59f13de2346d9be9b075a2b3fe59271172120540a0b43b64aa915643b6b2f6e697cde92aeabbb0fe8da20667f3679fe1af99e0106d029e3269

  • SSDEEP

    12288:NcHg+OMkYnx+ZkeeUE9EylqAUB7ftCwYTJ0Q+i:NJ86eUyEQ/OtI1

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks