General

  • Target

    2f5b4fba89a5ab0062a4718be94d6420334b9c597308998243b41546924f1affN.exe

  • Size

    604KB

  • Sample

    250211-mbdqbatpas

  • MD5

    70723c3731fbb5597da3c6db40604d70

  • SHA1

    52e35d9defa7e627da780dca71735d1b6acde954

  • SHA256

    2f5b4fba89a5ab0062a4718be94d6420334b9c597308998243b41546924f1aff

  • SHA512

    9678648168a463691192bfed4445d5ce2161cb610f4bed9109c2280b3e13921b9c6c45316c7813681010089cd7e424890341f387d6dc9e9e79fec727aa1bef41

  • SSDEEP

    12288:NcHg+OMkYnx+ZkeeUE9EylqAUB7ftCwYTJ0Q+ia:NJ86eUyEQ/OtI1c

Targets


    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15