General

  • Target

    a7d114abb629248dd3e1cb72a25c476f3a8bf781a0b925d6f85cfa91c9b00c4e

  • Size

    677KB

  • Sample

    250125-e7fwjswlez

  • MD5

    58d9d467f7ab2073f2d0bcb05aef2138

  • SHA1

    4d18440ec0f436bc1acb00c0115bfde717c61b4f

  • SHA256

    a7d114abb629248dd3e1cb72a25c476f3a8bf781a0b925d6f85cfa91c9b00c4e

  • SHA512

    5aa5e2283f7ed59bb9b00c5bff3a2f0f659363118bdc9c68678cf8286c448a545f0542b5e7fb7b9bb0d842c4481d823e2aea67210a2c06eba6944060d7a746a2

  • SSDEEP

    12288:9kiL11aPKT1F5Vs+TVonB7krqRTUWfIVzJVUYMiGx/OHWtWOaQ:9ki+PKT1F5S7BgORTWJOXBSQ

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15
