General

  • Target

    91e7833ccec56342a2f489b3b3080227d200a803b3e950083be93faa5eb1ce94N.exe

  • Size

    2.4MB

  • Sample

    250125-g1pafs1mhn

  • MD5

    0222dd717bda5201efd6ae9d2c65f9e0

  • SHA1

    46581c7a63b324d7d4430da9c21ad06bd07a78f3

  • SHA256

    91e7833ccec56342a2f489b3b3080227d200a803b3e950083be93faa5eb1ce94

  • SHA512

    ddeba3ae652cfeba689929ff2c6f74fad03d68653fd9f4111a2498e0aa7b72e0b650330546bae68d05dbc241259545cda482e08b4026eef33c8758a0ca006ca9

  • SSDEEP

    49152:5Ko2gzhGqxIaWeSkKkAQOQ1y7GklXRYxxTttMs+xyPFRwGJnunLp9u0XsA5cl+6/:I+zhGqx3WeSkKkAQOQ1y7PlXRYxxTttt

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Enterprise v15

Tasks