Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
433e29186c927e98905a6649b507d27fc17329e6f36f2669a6d20dd9a8817e5aN.exe
-
Size
1.6MB
-
Sample
250205-jwmxyaxmgw
-
MD5
a9ac1974040474510b772ac2d6699180
-
SHA1
b4659c684198702c183ffa02dccb837d35eb39a8
-
SHA256
433e29186c927e98905a6649b507d27fc17329e6f36f2669a6d20dd9a8817e5a
-
SHA512
33785f8928bb544944e9973d8e3906dd97d659690b51f4af5652b46ab6c8205d1ec2a0c73f8f0fe9d0d51db206c72b8a24459132c558abbcf110cbd0ab972c7a
-
SSDEEP
12288:WB5a3hizhz/o456rn9lkQ8rxQslgBKR1jl9RL9BVnDXLmoIY7Tm+jZFluq9wd4Uh:WkB4tpHlgGjlLHlFoq2d5h
Malware Config
Targets
-
-
Target
433e29186c927e98905a6649b507d27fc17329e6f36f2669a6d20dd9a8817e5aN.exe
-
Size
1.6MB
-
MD5
a9ac1974040474510b772ac2d6699180
-
SHA1
b4659c684198702c183ffa02dccb837d35eb39a8
-
SHA256
433e29186c927e98905a6649b507d27fc17329e6f36f2669a6d20dd9a8817e5a
-
SHA512
33785f8928bb544944e9973d8e3906dd97d659690b51f4af5652b46ab6c8205d1ec2a0c73f8f0fe9d0d51db206c72b8a24459132c558abbcf110cbd0ab972c7a
-
SSDEEP
12288:WB5a3hizhz/o456rn9lkQ8rxQslgBKR1jl9RL9BVnDXLmoIY7Tm+jZFluq9wd4Uh:WkB4tpHlgGjlLHlFoq2d5h
Score10/10-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3