General

  • Target

    86934d5b3ff8b4594e393184a901a56d0123278985934d270a93df5a4fb08f4d

  • Size

    2.0MB

  • Sample

    250125-c9g6aa1rbt

  • MD5

    1fb1ac0f04f7c9f7cb106fc5d6de29f8

  • SHA1

    75f0f7959b787e6f1d67cf53eb1a4dc32460f9d5

  • SHA256

    86934d5b3ff8b4594e393184a901a56d0123278985934d270a93df5a4fb08f4d

  • SHA512

    840f568228227ab65a4c33c3516f18dfffce98f4935ecea46de66b4dd4a702c75aea8d301196ac8a24a6e3c7249f0cce259877c41c1680358fdd660356493f96

  • SSDEEP

    49152:fmTWr53HxurntpSJU2mN2xl42d91cKSd5W6l/p7AFWVBpG947fVr0YfwCCkB1mpo:fmTWr53HxurntpSJU2mN2xu2d91cKSd3
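To confirm that a file you have on disk is the sample described by the digests above, recompute them and compare. This is an added example, not part of the sandbox report: the expected values are copied from the listing above, and the path you pass is an assumption (whatever you downloaded). ssdeep is not recomputed here (it needs the ssdeep library); the cryptographic digests prove exact identity only, while ssdeep is what you would use to find near-identical rebuilds of the same family.

```python
"""Verify a local file against the digests in the report above.

Added example, not part of the sandbox report. REPORT_DIGESTS are copied
from the listing above; the file path is an assumption."""
import hashlib
import sys

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Values copied from the report above.
REPORT_DIGESTS = {
    "md5": "1fb1ac0f04f7c9f7cb106fc5d6de29f8",
    "sha1": "75f0f7959b787e6f1d67cf53eb1a4dc32460f9d5",
    "sha256": "86934d5b3ff8b4594e393184a901a56d0123278985934d270a93df5a4fb08f4d",
    "sha512": "840f568228227ab65a4c33c3516f18dfffce98f4935ecea46de66b4dd4a702c7"
              "5aea8d301196ac8a24a6e3c7249f0cce259877c41c1680358fdd660356493f96",
}


def digest_bytes(data, algorithms=ALGORITHMS):
    """Digest an in-memory buffer (useful for tests and small embedded blobs)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in algorithms}


def digest_file(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Stream the file once, feeding every hasher, so large samples are fine."""
    hashers = {alg: hashlib.new(alg) for alg in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def compare(actual, expected):
    """Per-algorithm match table. Comparison is case-insensitive and only
    covers algorithms present in both dicts, so a report that lists only a
    SHA256 still verifies."""
    return {alg: actual[alg].lower() == expected[alg].lower()
            for alg in expected if alg in actual}


def is_reported_sample(actual, expected=REPORT_DIGESTS):
    """True only when every shared digest matches. One mismatch means a
    different file (or a corrupted download); there is no partial match."""
    table = compare(actual, expected)
    return bool(table) and all(table.values())


if __name__ == "__main__":
    digests = digest_file(sys.argv[1])
    for alg, ok in compare(digests, REPORT_DIGESTS).items():
        print(f"{alg:6} {'OK ' if ok else 'BAD'} {digests[alg]}")
    sys.exit(0 if is_reported_sample(digests) else 1)
```

Run it as `python verify.py <file>`; the exit status is 0 only when every listed digest matches, so it can gate an automated pipeline that refuses to detonate or share a file that is not the one the report describes.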

Malware Config

Targets

    • Target

      86934d5b3ff8b4594e393184a901a56d0123278985934d270a93df5a4fb08f4d

    • Size

      2.0MB

    • MD5

      1fb1ac0f04f7c9f7cb106fc5d6de29f8

    • SHA1

      75f0f7959b787e6f1d67cf53eb1a4dc32460f9d5

    • SHA256

      86934d5b3ff8b4594e393184a901a56d0123278985934d270a93df5a4fb08f4d

    • SHA512

      840f568228227ab65a4c33c3516f18dfffce98f4935ecea46de66b4dd4a702c75aea8d301196ac8a24a6e3c7249f0cce259877c41c1680358fdd660356493f96

    • SSDEEP

      49152:fmTWr53HxurntpSJU2mN2xl42d91cKSd5W6l/p7AFWVBpG947fVr0YfwCCkB1mpo:fmTWr53HxurntpSJU2mN2xu2d91cKSd3

    • Blackshades

      Blackshades is a commodity remote access trojan (RAT) sold as a kit, with remote control, keylogging and file-theft capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check (the sample decides whether to run based on the victim's locale).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build. Unpack the file (or dump the unpacked image from memory) before static analysis; the hashes listed above describe the packed file, not the payload.
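The behavioural signatures in the list above (Run key persistence, the geofence registry lookup, the dropped EXE and DLL, the firewall policy change, and the SetThreadContext sequence typical of process hollowing) can be re-derived from an API-call trace. The matcher below is an added example, not the sandbox's own rule engine: the trace format (one dict per call) is an assumption, the sample trace is constructed to mimic a run like this one and was not captured from the real sample, and the registry paths and the hollowing state machine are my reading of what each signature name implies, not the vendor's rule text.

```python
"""Re-derive the behavioural signatures above from an API-call trace.

Added example, not the sandbox's detector. Trace format, sample trace and
the exact registry paths matched are assumptions (see the comments)."""
import re

# Autostart locations (assumption: the signature covers Run and RunOnce).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# HKCU\Control Panel\International\Geo, value "Nation", holds the GeoID
# (assumption: this is the "computer location setting" the signature reads).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
# Windows Firewall policy lives under the SharedAccess service's parameters.
FIREWALL_KEY = re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy", re.I)
CREATE_SUSPENDED = 0x4


def match_signatures(trace):
    """Return the sorted list of signature names matched by the trace."""
    hits = set()
    written = set()     # paths the sample wrote; anything run or loaded from here is "dropped"
    hollow = {}         # child pid -> stage of the suspended/write/SetThreadContext/resume sequence
    for call in trace:
        api, a = call["api"], call.get("args", {})
        if api in ("WriteFile", "NtWriteFile"):
            written.add(a["path"].lower())
        elif api == "CreateProcessW":
            if a.get("flags", 0) & CREATE_SUSPENDED:
                hollow[a["child_pid"]] = "suspended"
            if a["image"].lower() in written:
                hits.add("Executes dropped EXE")
        elif api == "WriteProcessMemory" and hollow.get(a["target_pid"]) == "suspended":
            hollow[a["target_pid"]] = "written"
        elif api == "SetThreadContext" and hollow.get(a["target_pid"]) == "written":
            hollow[a["target_pid"]] = "context_set"
        elif api == "ResumeThread" and hollow.get(a["target_pid"]) == "context_set":
            # Full sequence on one suspended child: classic process hollowing.
            hits.add("Suspicious use of SetThreadContext")
        elif api == "RegSetValueExW":
            if RUN_KEY.search(a["key"]):
                hits.add("Adds Run key to start application")
            if FIREWALL_KEY.search(a["key"]):
                hits.add("Modifies firewall policy service")
        elif api == "RegQueryValueExW":
            if GEO_KEY.search(a["key"]) and a.get("value", "").lower() == "nation":
                hits.add("Checks computer location settings")
        elif api == "LoadLibraryW" and a["path"].lower() in written:
            hits.add("Loads dropped DLL")
    return sorted(hits)


# Constructed trace, not captured from the real sample.
DROPPED_EXE = r"C:\Users\Admin\AppData\Roaming\winupdate.exe"
DROPPED_DLL = r"C:\Users\Admin\AppData\Roaming\plugin.dll"
SAMPLE_TRACE = [
    {"api": "RegQueryValueExW", "args": {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}},
    {"api": "NtWriteFile", "args": {"path": DROPPED_EXE}},
    {"api": "NtWriteFile", "args": {"path": DROPPED_DLL}},
    {"api": "RegSetValueExW", "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "winupdate"}},
    {"api": "LoadLibraryW", "args": {"path": DROPPED_DLL}},
    {"api": "CreateProcessW", "args": {"image": DROPPED_EXE, "flags": CREATE_SUSPENDED, "child_pid": 2044}},
    {"api": "WriteProcessMemory", "args": {"target_pid": 2044}},
    {"api": "SetThreadContext", "args": {"target_pid": 2044}},
    {"api": "ResumeThread", "args": {"target_pid": 2044}},
    {"api": "RegSetValueExW", "args": {"key": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
                                               r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List",
                                        "value": DROPPED_EXE}},
]

if __name__ == "__main__":
    for name in match_signatures(SAMPLE_TRACE):
        print("matched:", name)
```

The hollowing rule is deliberately ordered and keyed on the child pid: SetThreadContext on its own is also used by debuggers and some legitimate runtimes, so the match only fires when the same process was created suspended, had memory written into it, had its thread context replaced and was then resumed.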
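The UPX signature above is worth being able to reproduce by hand, since a "modified UPX" build renames the sections and defeats the obvious check. The following is an added example, not the sandbox's detector: it reads the PE headers with `struct` (no pefile dependency) and applies three heuristics: the stock section names `UPX0`/`UPX1`, the `UPX!` marker the stock packer leaves in the file, and the layout that survives renaming, a first section with zero raw size but a large virtual size (the area where the unpacked image is rebuilt at run time). `build_fake_pe()` constructs header-only test inputs; they contain no code and are not real binaries.

```python
"""Heuristic UPX check over raw PE headers.

Added example, not the sandbox's own rule. build_fake_pe() creates
constructed, header-only test inputs."""
import struct

SECTION_HEADER = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def pe_sections(data):
    """Return [(name, virtual_size, virtual_address, raw_size, raw_ptr), ...]
    or raise ValueError when data is not a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: skip Machine, take NumberOfSections, skip 12 bytes,
    # take SizeOfOptionalHeader, skip Characteristics.
    n_sections, opt_size = struct.unpack_from("<2xH12xH2x", data, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(n_sections):
        fields = struct.unpack_from(SECTION_HEADER, data, table + 40 * i)
        name = fields[0].rstrip(b"\0").decode("latin-1")
        sections.append((name,) + fields[1:5])
    return sections


def upx_indicators(data):
    """Return {"packed": bool, "suspicious": bool, "indicators": [...]}.
    packed = stock UPX evidence found; suspicious = only the structural
    layout matched, which is what a renamed (modified UPX) build leaves."""
    sections = pe_sections(data)
    indicators = []
    names = [s[0] for s in sections]
    if any(n.upper().startswith("UPX") for n in names):
        indicators.append("UPX section names: " + ", ".join(names))
    if b"UPX!" in data:
        indicators.append("'UPX!' marker present")
    packed = bool(indicators)
    first = sections[0] if sections else None
    structural = first is not None and first[3] == 0 and first[1] > 0
    if structural:
        indicators.append(f"first section {first[0]!r} has raw size 0 "
                          f"and virtual size 0x{first[1]:x} (unpack area)")
    return {"packed": packed, "suspicious": structural and not packed,
            "indicators": indicators}


def build_fake_pe(section_specs, marker=b""):
    """Constructed test input: a minimal PE32 header with the given
    (name, virtual_size, raw_size) sections and no code at all."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                                        # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table, vaddr, rptr = b"", 0x1000, 0x400
    for name, vsize, rsize in section_specs:
        table += struct.pack(SECTION_HEADER, name.ljust(8, b"\0"), vsize, vaddr,
                             rsize, rptr if rsize else 0, 0, 0, 0, 0, 0x60000020)
        vaddr += (vsize + 0xFFF) & ~0xFFF
        rptr += rsize
    return dos + b"PE\0\0" + coff + opt + table + marker


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(upx_indicators(fh.read()))
```

A `packed` hit means `upx -d` will usually work; a `suspicious`-only hit means the stub was modified and you should expect `upx -d` to refuse the file, so plan on dumping the unpacked image from memory instead.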

MITRE ATT&CK Enterprise v15

Tasks