General

  • Target

    390b68363696cd9d4bdaf1e631ed207523052e3de5b6a1870b17cec3b7aa1476.exe

  • Size

    1.5MB

  • Sample

    250125-ewd8ksvqf1

  • MD5

    07871527cf7421e2f723e4e2aa785cef

  • SHA1

    2ac0f4ba30cea5ba1773c39ff68458c34566276b

  • SHA256

    390b68363696cd9d4bdaf1e631ed207523052e3de5b6a1870b17cec3b7aa1476

  • SHA512

    5ec77f07abecec2c9a2b83688ef770ce6ba6abfcb6e82c517a72f65721d2c3c79a229d391d0052c775d517fcec867a20aa140e867f11918d1b24dc7df72f5948

  • SSDEEP

    12288:Y+Qf9NxkERr1JzrDTzz7wHxhW88KH6Yn77TCNp8jToZGrhR0ZooSp:Ox0j8KaYnfTYp8/oZMGZa

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks