General

  • Target

    5e789db151a8439ddd57ec963d7bafe276610fc20ff51178339b80aaee68629f.exe

  • Size

    520KB

  • Sample

    250125-jge9jstrbj

  • MD5

    bd384a6fc79b3e644b3922bbb8b6a049

  • SHA1

    146087d1c8710218fc3133a7d91ecf81986ae316

  • SHA256

    5e789db151a8439ddd57ec963d7bafe276610fc20ff51178339b80aaee68629f

  • SHA512

    88ba4b5e7d68793e0830a0cfdad7ec43b603163747e520284e6852940d31c625b36339c25a909c3801e2d1b653ce91f5d8941811f37cf5ea84b9e0f74c7887ec

  • SSDEEP

    12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXZ:zW6ncoyqOp6IsTl/mXZ

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
