General

  • Target

    b07d3873f6a6376d745e7f86ef1649d0b99d1928c8043d60ab013dae70c8b934N.exe

  • Size

    285KB

  • Sample

    250215-174s9sxkgp

  • MD5

    a5c9218e983b12290e96d3fcdceefeb0

  • SHA1

    d3de06eff922950908228d809e4133a81c6366e5

  • SHA256

    b07d3873f6a6376d745e7f86ef1649d0b99d1928c8043d60ab013dae70c8b934

  • SHA512

    511642a6d3afe24d1a3ab0de323481ceaf6d72cb5f0dee7a5f0978b55f0b05816dd7c4a9417a20ed129bfd554c400f9acd0d1cd91b1000ed75ef7f4538872bab

  • SSDEEP

    6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHLu:NBaBnmtOwq/+1MkU68raJRHua8G9Lcow

Targets

    • Target

      b07d3873f6a6376d745e7f86ef1649d0b99d1928c8043d60ab013dae70c8b934N.exe

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15