General
Target: 26f533a57b41c7f77848b99f14f214a4d18386886065821c253a1ff92746c6ac.exe
Size: 285KB
Sample: 250216-adc6ca1per
MD5: a1323b33879b9670fa9409f2237fe333
SHA1: 49a700a5aae7d643feb6e623c5a0ee8007a62b7d
SHA256: 26f533a57b41c7f77848b99f14f214a4d18386886065821c253a1ff92746c6ac
SHA512: eb853e8b45b1e294c35da850dfbd3e7ecdefd68251b45f7de33a740dc0c95df34b3ced9e675ef572351b66fd74cb33c0d71c6223e480c3a636d0810e6a967ead
SSDEEP: 6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHLn:NBaBnmtOwq/+1MkU68raJRHua8G9LcoJ
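Before trusting any of the behaviour below, confirm that the file on your bench is the same sample the report describes. The following is an added example (not part of the sandbox report or its tooling): it hashes a local copy with the four algorithms listed above, compares each against the report, and cross-checks the SSDEEP block size against the reported size. The REPORT values are copied from the page; the file size is taken as 285 KiB, and the sample bytes used in the demo are constructed placeholders, not the real binary.

```python
"""Added example: verify a local file against the report's hashes and check
that the SSDEEP block size is consistent with the reported file size."""
import hashlib
import re

# Values copied from the report; "285KB" is treated as 285 KiB (an assumption).
REPORT = {
    "size_bytes": 285 * 1024,
    "md5": "a1323b33879b9670fa9409f2237fe333",
    "sha1": "49a700a5aae7d643feb6e623c5a0ee8007a62b7d",
    "sha256": "26f533a57b41c7f77848b99f14f214a4d18386886065821c253a1ff92746c6ac",
    "sha512": "eb853e8b45b1e294c35da850dfbd3e7ecdefd68251b45f7de33a740dc0c95df3"
              "4b3ced9e675ef572351b66fd74cb33c0d71c6223e480c3a636d0810e6a967ead",
    "ssdeep": "6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHLn:"
              "NBaBnmtOwq/+1MkU68raJRHua8G9LcoJ",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def hash_file(path: str) -> dict:
    """Hash a file on disk (read fully; the sample is only 285KB)."""
    with open(path, "rb") as f:
        return hash_bytes(f.read())


def compare(actual: dict, report: dict) -> dict:
    """Per-algorithm match flags; any False means this is not the reported sample."""
    return {name: actual[name] == report[name].lower() for name in actual}


def parse_ssdeep(sig: str):
    """Split 'blocksize:chunk1:chunk2' and validate that blocksize is 3 * 2^n."""
    m = re.fullmatch(r"(\d+):([A-Za-z0-9+/]*):([A-Za-z0-9+/]*)", sig)
    if not m:
        raise ValueError("malformed ssdeep signature")
    bs = int(m.group(1))
    n = bs // 3
    if bs < 3 or bs % 3 or n & (n - 1):
        raise ValueError(f"block size {bs} is not 3 * 2^n")
    return bs, m.group(2), m.group(3)


def spamsum_blocksize(size: int) -> int:
    """Initial block size ssdeep picks for `size` bytes: the smallest 3 * 2^n
    with 64 * bs >= size (ssdeep may then halve it if the first chunk would be
    shorter than 32 characters, so the reported value is at most this)."""
    bs = 3
    while bs * 64 < size:
        bs *= 2
    return bs


def ssdeep_consistent(sig: str, size: int) -> bool:
    """True when the signature's block size is plausible for a file of `size` bytes."""
    return parse_ssdeep(sig)[0] <= spamsum_blocksize(size)


if __name__ == "__main__":
    # Constructed placeholder bytes, not the real sample: every hash should mismatch.
    placeholder = b"MZ" + b"\x00" * 62 + b"not the sample"
    print(compare(hash_bytes(placeholder), REPORT))
    print("ssdeep block size consistent with 285KB:",
          ssdeep_consistent(REPORT["ssdeep"], REPORT["size_bytes"]))
```

A clean exact-hash match on SHA256 is the check that matters; MD5 and SHA1 are listed for lookup in older feeds, not as proof of identity. The SSDEEP check is a cheap sanity test that the size and fuzzy hash on the page describe the same file: 285 KiB falls in the range for which ssdeep starts with a 6144-byte block size, and the 64-character first chunk means no halving occurred.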
Behavioral task: behavioral1
Sample: 26f533a57b41c7f77848b99f14f214a4d18386886065821c253a1ff92746c6ac.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 26f533a57b41c7f77848b99f14f214a4d18386886065821c253a1ff92746c6ac.exe
Resource: win10v2004-20250211-en
Malware Config
Targets
Target: 26f533a57b41c7f77848b99f14f214a4d18386886065821c253a1ff92746c6ac.exe
Size: 285KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
Signatures
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (a typical step in process hollowing and thread hijacking)
MITRE ATT&CK Enterprise v15 (counts are the number of matching signatures)
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
Defense Evasion
  Impair Defenses (T1562): 1
    Disable or Modify System Firewall (T1562.004): 1
  Modify Registry (T1112): 3
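The signature list and the ATT&CK table above are both derived from the registry activity the sandbox observed: a Run key write, firewall policy changes, a service entry and a country-code lookup. The following is an added example (not the sandbox's own detection logic) showing how registry events from a trace can be mapped onto those same techniques. The event format, the rule regexes and the sample events are all constructed for illustration; the registry paths used (CurrentVersion\Run, SharedAccess\Parameters\FirewallPolicy, CurrentControlSet\Services, Control Panel\International\Geo\Nation) are the standard Windows locations for these behaviours, but the report itself does not list which exact keys the sample touched.

```python
"""Added example: map registry events from a sandbox trace onto the ATT&CK
techniques listed in the report, plus the geofence signature. Event shape and
sample events are constructed; they are not taken from the report."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    op: str         # "set" (value written) or "query" (value read)
    image: str      # process that performed the operation
    path: str       # full registry path, value name last
    data: str = ""  # value data for "set" events


# (rule id, name, tactics as listed on the page, required op, path regex)
RULES = [
    ("T1547.001", "Registry Run Keys / Startup Folder",
     ("Persistence", "Privilege Escalation"), "set",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)),
    ("T1543.003", "Windows Service",
     ("Persistence", "Privilege Escalation"), "set",
     re.compile(r"^HKLM\\SYSTEM\\CurrentControlSet\\Services\\(?!SharedAccess\\)"
                r"[^\\]+\\(ImagePath|Start)$", re.I)),
    ("T1562.004", "Disable or Modify System Firewall",
     ("Defense Evasion",), "set",
     re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)),
    ("T1112", "Modify Registry",
     ("Defense Evasion",), "set",
     re.compile(r"^HKLM\\(SYSTEM|SOFTWARE)\\", re.I)),
    # The geofence check is a read. Host telemetry that logs only writes (e.g.
    # Sysmon registry events) will not see it; it needs an API trace. The page
    # gives it no ATT&CK ID, so it is kept as a signature with no tactic.
    ("sig:location-check", "Checks computer location settings (likely geofence)",
     (), "query",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
]


def classify(events):
    """Return {rule id: [matching events]}; one event may hit several rules
    (a FirewallPolicy write is both T1562.004 and T1112)."""
    hits = {}
    for ev in events:
        for rid, _name, _tactics, op, pattern in RULES:
            if ev.op == op and pattern.search(ev.path):
                hits.setdefault(rid, []).append(ev)
    return hits


def attack_summary(events):
    """Counts keyed by (tactic, technique id, name), shaped like the report's
    ATT&CK table; rules without a tactic (signature-only) are left out."""
    hits = classify(events)
    summary = Counter()
    for rid, name, tactics, _op, _pattern in RULES:
        for tactic in tactics:
            if rid in hits:
                summary[(tactic, rid, name)] += len(hits[rid])
    return dict(summary)


# Constructed sample events: a dropped EXE (hypothetical path) doing what the
# signatures describe, plus one benign explorer.exe write that must not match.
DROPPED = "C:\\Users\\victim\\AppData\\Roaming\\winupdate.exe"
FWPOLICY = r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
SAMPLE_EVENTS = [
    RegEvent("query", DROPPED, r"HKCU\Control Panel\International\Geo\Nation"),
    RegEvent("set", DROPPED,
             r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate", DROPPED),
    RegEvent("set", DROPPED,
             FWPOLICY + r"\StandardProfile\AuthorizedApplications\List" + "\\" + DROPPED,
             DROPPED + ":*:Enabled:winupdate"),
    RegEvent("set", DROPPED, FWPOLICY + r"\StandardProfile\EnableFirewall", "0"),
    RegEvent("set", DROPPED,
             r"HKLM\SYSTEM\CurrentControlSet\Services\WinUpdateSvc\ImagePath", DROPPED),
    RegEvent("set", "C:\\Windows\\explorer.exe",
             r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", "1"),
]


if __name__ == "__main__":
    for (tactic, rid, name), count in sorted(attack_summary(SAMPLE_EVENTS).items()):
        print(f"{tactic:20} {rid:10} {name}: {count}")
    for ev in classify(SAMPLE_EVENTS).get("sig:location-check", []):
        print("geofence lookup by", ev.image, "->", ev.path)
```

Two design points worth keeping when adapting this to real telemetry: the negative lookahead on the service rule stops every FirewallPolicy write from also being counted as service creation (both live under CurrentControlSet\Services), and the Modify Registry rule is deliberately a broad catch-all, which is why its count on the page is higher than any single sub-technique.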