General
-
Target
159586353622aa4ed7aaca1c40d8d01e3d7446eeab27a016d8956048af21e905N.exe
-
Size
405KB
-
Sample
250205-nesjbavrgq
-
MD5
6d6ded5c29c54d37ed5e481270d0cb20
-
SHA1
70a2ba22881f9d2c02cc65d801a04f18b39bd359
-
SHA256
159586353622aa4ed7aaca1c40d8d01e3d7446eeab27a016d8956048af21e905
-
SHA512
dedbda5b25762844417fec10fa3134749781911c44d6294fd9c1a2f80286ad239f46c39f22ca53fe9d4e18c2a9e3aff32f433c5d2a0ab167d2d2349b437625c8
-
SSDEEP
6144:foYn9sE89XKTK/J6brj3nmHWrt63P5A9GJ6vbmF4ifKyjlKI4r3mzzrLVIo8ZJr7:ZsNDBIrCHWux6iFTJf4r2zPBv8Xi8xSG
Malware Config
Targets
-
-
Target
159586353622aa4ed7aaca1c40d8d01e3d7446eeab27a016d8956048af21e905N.exe
-
Size
405KB
-
MD5
6d6ded5c29c54d37ed5e481270d0cb20
-
SHA1
70a2ba22881f9d2c02cc65d801a04f18b39bd359
-
SHA256
159586353622aa4ed7aaca1c40d8d01e3d7446eeab27a016d8956048af21e905
-
SHA512
dedbda5b25762844417fec10fa3134749781911c44d6294fd9c1a2f80286ad239f46c39f22ca53fe9d4e18c2a9e3aff32f433c5d2a0ab167d2d2349b437625c8
-
SSDEEP
6144:foYn9sE89XKTK/J6brj3nmHWrt63P5A9GJ6vbmF4ifKyjlKI4r3mzzrLVIo8ZJr7:ZsNDBIrCHWux6iFTJf4r2zPBv8Xi8xSG
Score10/10-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-