Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-01-2025 08:51

General

  • Target

    3.8.1/Blackshades NET User Guide.pdf

  • Size

    1.6MB

  • MD5

    7753e25cc1afa1bebce1d9264b17e098

  • SHA1

    ab261a322b6b15e90e08af67a6646cce675469ae

  • SHA256

    e024e14ccb85b8c59cfc10ee2d9aa867c85e036382363fd8581c97ecaaf10fb4

  • SHA512

    8f4a6450a71c3caf1baba9653a3cf55d860037a4bb1e54db6bfb7ca12306877871524716c91dc7cf9ad37b43a8b8efc523e2a94b37ead0398cae4bd12e9c00d1

  • SSDEEP

    24576:MqsmKcB2EeVRZjPDFSFVIOCN1DXjQJZg4XJ2ILbdcSJMknLzMNIQSJa5n59EA9Ew:MqsmKDVRBDSsbog4XJ2wcg/Dc1PENZS

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3.8.1\Blackshades NET User Guide.pdf"
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2060

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    d0844046cc7aa5aa8918e1180be486c8

    SHA1

    9b845599340417c2e92a2a6536f238c21267acd0

    SHA256

    58833e52c879951ca56a7c3185ac27d8d32b52705d909e35a70553b446f884bb

    SHA512

    461be5cace713c02aac518680207434a22a28798040078a2ec7090b5e8d36754ca00c6db4cc92b0896d20ea8c33a8ab9c5d689ebba1277198fcf4e570e834be2