General
Target: 8734532cb211a9211e186edef3291c0bc21333e4925421285f5fe4fd357e0b4eN.exe
Size: 604KB
Sample: 250202-facnaswkfz
MD5: 19d943aec6f92b0ebaf2bb3d5a4b3660
SHA1: f38998ddf9447864b466e6744f07e57be5467220
SHA256: 8734532cb211a9211e186edef3291c0bc21333e4925421285f5fe4fd357e0b4e
SHA512: 7d8a88b246a46f23124e17f4f8185abdb54b6b19d76d8ce2baaf4cf36e91a958a93e8c69a4c38a97755ef69c4033710e5bd460d9c5bb292819cca8f33b05be2d
SSDEEP: 12288:NcHg+OMkYnx+ZkeeUE9EylqAUB7ftCwYTJ0Q+i:NJ86eUyEQ/OtI1
Static task: static1
Behavioral task: behavioral1
Sample: 8734532cb211a9211e186edef3291c0bc21333e4925421285f5fe4fd357e0b4eN.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 8734532cb211a9211e186edef3291c0bc21333e4925421285f5fe4fd357e0b4eN.exe
Resource: win10v2004-20250129-en
Malware Config
Targets
Target: 8734532cb211a9211e186edef3291c0bc21333e4925421285f5fe4fd357e0b4eN.exe
Blackshades family
Blackshades payload
Modifies firewall policy service
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (3)