General

  • Target

    26f533a57b41c7f77848b99f14f214a4d18386886065821c253a1ff92746c6ac.exe

  • Size

    285KB

  • Sample

    250216-adc6ca1per

  • MD5

    a1323b33879b9670fa9409f2237fe333

  • SHA1

    49a700a5aae7d643feb6e623c5a0ee8007a62b7d

  • SHA256

    26f533a57b41c7f77848b99f14f214a4d18386886065821c253a1ff92746c6ac

  • SHA512

    eb853e8b45b1e294c35da850dfbd3e7ecdefd68251b45f7de33a740dc0c95df34b3ced9e675ef572351b66fd74cb33c0d71c6223e480c3a636d0810e6a967ead

  • SSDEEP

    6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHLn:NBaBnmtOwq/+1MkU68raJRHua8G9LcoJ

Malware Config

Targets

    • Target

      26f533a57b41c7f77848b99f14f214a4d18386886065821c253a1ff92746c6ac.exe

    • Size

      285KB

    • MD5

      a1323b33879b9670fa9409f2237fe333

    • SHA1

      49a700a5aae7d643feb6e623c5a0ee8007a62b7d

    • SHA256

      26f533a57b41c7f77848b99f14f214a4d18386886065821c253a1ff92746c6ac

    • SHA512

      eb853e8b45b1e294c35da850dfbd3e7ecdefd68251b45f7de33a740dc0c95df34b3ced9e675ef572351b66fd74cb33c0d71c6223e480c3a636d0810e6a967ead

    • SSDEEP

      6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHLn:NBaBnmtOwq/+1MkU68raJRHua8G9LcoJ

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks