General

  • Target

    8734532cb211a9211e186edef3291c0bc21333e4925421285f5fe4fd357e0b4eN.exe

  • Size

    604KB

  • Sample

    250202-facnaswkfz

  • MD5

    19d943aec6f92b0ebaf2bb3d5a4b3660

  • SHA1

    f38998ddf9447864b466e6744f07e57be5467220

  • SHA256

    8734532cb211a9211e186edef3291c0bc21333e4925421285f5fe4fd357e0b4e

  • SHA512

    7d8a88b246a46f23124e17f4f8185abdb54b6b19d76d8ce2baaf4cf36e91a958a93e8c69a4c38a97755ef69c4033710e5bd460d9c5bb292819cca8f33b05be2d

  • SSDEEP

    12288:NcHg+OMkYnx+ZkeeUE9EylqAUB7ftCwYTJ0Q+i:NJ86eUyEQ/OtI1

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks