General

  • Target

    3bc4e9582bf8b3a032db8d70346c8ee43b2f6abfa216f051eec674c1ee11c27aN.exe

  • Size

    285KB

  • Sample

    250125-ga31xsyjfs

  • MD5

    460415f067d0582f1f53d04e9b12ede0

  • SHA1

    ce13be5212cb958ef76c08c225348dca388485ba

  • SHA256

    3bc4e9582bf8b3a032db8d70346c8ee43b2f6abfa216f051eec674c1ee11c27a

  • SHA512

    6d17a119e659cf63c845facd0ef4b21e7fb03fd2d81118daa4e71201b9712a0c6c31026a8b56d0590f3f13cf7b3e2c7e2394970d8730542c2df170caa78fe216

  • SSDEEP

    6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHLE:NBaBnmtOwq/+1MkU68raJRHua8G9LcoC

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15