General

  • Target

    Desktop.rar

  • Size

    123.4MB

  • Sample

    250125-cqdnrazqet

  • MD5

    b41458c63a2fe7957fb5f153df96c1ca

  • SHA1

    83b0206c507666c0601163f9fd7194b2ad2aa239

  • SHA256

    91f54df9ad8f7c57351933109a90419e4865589d5a254879b6a4ad3a4699c1dc

  • SHA512

    6b5641702e3e05d2cea1b07078a31da230888d3cbd976f79f2d90768cc8d9cec078da8b7bc51dbfe2acefd84b46c7a22d65ca0580a21b25999e687eacba64c61

  • SSDEEP

    3145728:bcEX9eT95UvvKQaGO8v39B/MgXA+5mY7f:39S5U6zObyJY7f

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks