General

  • Target

    b44c475e0f9e056be5b92e428573ccf19eb184261bbc6c6ae31ff3c5d54e4ded.exe

  • Size

    285KB

  • Sample

    250216-cyqnaaxmcj

  • MD5

    6897d81e99531166bc25b0210dd642ef

  • SHA1

    570c0b0729e4c82978a088cad9f1bd6b0a32cb94

  • SHA256

    b44c475e0f9e056be5b92e428573ccf19eb184261bbc6c6ae31ff3c5d54e4ded

  • SHA512

    1a951682c82c7560351e6a5b0d5cfe96ed6de89c178eee351c2ce19745fd4956c8257ab80895e5480d13269266af786001d577f847e75e0d952a75ec85f0461e

  • SSDEEP

    6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHL4:NBaBnmtOwq/+1MkU68raJRHua8G9Lcom

Malware Config

Targets

    • Target

      b44c475e0f9e056be5b92e428573ccf19eb184261bbc6c6ae31ff3c5d54e4ded.exe

    • Size

      285KB

    • MD5

      6897d81e99531166bc25b0210dd642ef

    • SHA1

      570c0b0729e4c82978a088cad9f1bd6b0a32cb94

    • SHA256

      b44c475e0f9e056be5b92e428573ccf19eb184261bbc6c6ae31ff3c5d54e4ded

    • SHA512

      1a951682c82c7560351e6a5b0d5cfe96ed6de89c178eee351c2ce19745fd4956c8257ab80895e5480d13269266af786001d577f847e75e0d952a75ec85f0461e

    • SSDEEP

      6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHL4:NBaBnmtOwq/+1MkU68raJRHua8G9Lcom

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
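
The behavioural signatures above are the sandbox's verdicts; the rules behind them are not shown on this page. The script below is an added example, not the report's or the sandbox's own code, of how a triage script can derive the same verdicts from a process trace. The trace is constructed for the example (pids, paths and the URL are invented), and the registry locations it keys on for the Run key, the firewall policy (Services\SharedAccess\Parameters\FirewallPolicy) and the country code (Control Panel\International\Geo\Nation) are assumptions about what the sandbox's rules look for.

```python
import re

# Registry locations assumed to underlie three of the report's signatures. The
# report does not publish its rules; these are documented Windows locations.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
FIREWALL_POLICY = re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)

# Constructed trace, not the sample's real behaviour. Each event carries pid, op
# and arg, plus "target_pid" for cross-process calls and "data" for HTTP bodies.
SAMPLE_EVENTS = [
    {"pid": 1000, "op": "HttpResponse", "arg": "http://example.invalid/update.bin",
     "data": b"MZ\x90\x00" + b"\x00" * 60},
    {"pid": 1000, "op": "WriteFile", "arg": r"C:\Users\Admin\AppData\Roaming\svchost.exe"},
    {"pid": 1000, "op": "WriteFile", "arg": r"C:\Users\Admin\AppData\Roaming\helper.dll"},
    {"pid": 1000, "op": "CreateProcess", "arg": r"C:\Users\Admin\AppData\Roaming\svchost.exe"},
    {"pid": 2000, "op": "LoadLibrary", "arg": r"C:\Windows\System32\kernel32.dll"},
    {"pid": 2000, "op": "LoadLibrary", "arg": r"C:\Users\Admin\AppData\Roaming\helper.dll"},
    {"pid": 2000, "op": "RegQueryValue", "arg": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 2000, "op": "RegSetValue",
     "arg": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate"},
    {"pid": 2000, "op": "RegSetValue",
     "arg": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
            r"\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\svchost.exe"},
    {"pid": 2000, "op": "SetThreadContext", "arg": "thread 0x1a4", "target_pid": 3000},
    {"pid": 2000, "op": "SetThreadContext", "arg": "thread 0x1b0", "target_pid": 2000},  # own thread
]


def match_signatures(events):
    """Return {signature name: [evidence, ...]} for the behaviours seen in the trace."""
    dropped = set()   # paths this trace wrote to disk, lower-cased for comparison
    hits = {}

    def hit(name, ev):
        hits.setdefault(name, []).append(f"pid {ev['pid']}: {ev['op']} {ev.get('arg', '')}")

    for ev in events:
        op, arg = ev["op"], ev.get("arg", "")
        path = arg.lower()
        if op == "HttpResponse" and ev.get("data", b"")[:2] == b"MZ":
            hit("Downloads MZ/PE file", ev)
        elif op == "WriteFile":
            dropped.add(path)                 # remembered so a later exec/load ties back to it
        elif op == "CreateProcess" and path in dropped:
            hit("Executes dropped EXE", ev)
        elif op == "LoadLibrary" and path in dropped:
            hit("Loads dropped DLL", ev)
        elif op == "RegSetValue" and RUN_KEY.search(arg):
            hit("Adds Run key to start application", ev)
        elif op == "RegSetValue" and FIREWALL_POLICY.search(arg):
            hit("Modifies firewall policy service", ev)
        elif op == "RegQueryValue" and GEO_NATION.search(arg):
            hit("Checks computer location settings", ev)
        elif op == "SetThreadContext" and ev.get("target_pid") not in (None, ev["pid"]):
            hit("Suspicious use of SetThreadContext", ev)   # context written into another process
    return hits


if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_EVENTS).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

The order of events matters: the dropped-file set is built as the trace is read, so an executable is only "dropped" if the trace saw it written first. A SetThreadContext on the process's own thread is deliberately not flagged; the cross-process case is the one that matters for hollowing.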

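As an added example (not code from the report), the hashes listed under General and the UPX signature can both be checked offline on a local copy of the sample. The script below recomputes the hash set, parses the PE section table by hand (no pefile dependency), and flags the UPX layout: a first section with no raw data and a large virtual size, followed by a high-entropy section. REPORTED_SHA256 is the value from the report; the PE image the script builds for its own demonstration is constructed; ssdeep is left out because it needs the separate ssdeep library.

```python
import hashlib
import math
import struct

# SHA256 from the report above; the other hashes are compared the same way.
REPORTED_SHA256 = "b44c475e0f9e056be5b92e428573ccf19eb184261bbc6c6ae31ff3c5d54e4ded"


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of a byte string (ssdeep needs the separate ssdeep library)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def sha256_matches(data: bytes, expected: str = REPORTED_SHA256) -> bool:
    return hashlib.sha256(data).hexdigest() == expected.lower()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); packed or encrypted data sits near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                           # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", data, table + i * 40)
        raw = data[rptr:rptr + rsize] if rsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "entropy": round(shannon_entropy(raw), 3)})
    return sections


def upx_indicators(sections: list) -> dict:
    names = {s["name"] for s in sections}
    return {
        # stock UPX names its sections UPX0/UPX1; modified builds often rename them
        "upx_section_names": bool({"UPX0", "UPX1"} & names),
        # UPX0 is the unpack destination: nothing on disk, large virtual size
        "empty_first_section": bool(sections) and sections[0]["raw_size"] == 0
                               and sections[0]["virtual_size"] > 0,
        # the compressed body has a near-uniform byte distribution
        "high_entropy_section": any(s["raw_size"] and s["entropy"] >= 7.0 for s in sections),
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(pe_sections(data))
    return ind["upx_section_names"] or (ind["empty_first_section"] and ind["high_entropy_section"])


def build_constructed_pe(names, first_virtual_only, payload) -> bytes:
    """Constructed minimal PE32 image for the demonstration; not derived from the sample."""
    e_lfanew, opt_size = 0x40, 0xE0
    raw_ptr = (e_lfanew + 4 + 20 + opt_size + 40 * len(names) + 0x1FF) & ~0x1FF  # 512-aligned
    image = bytearray(e_lfanew)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, e_lfanew)
    image += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    image += opt
    va = 0x1000
    for i, name in enumerate(names):
        virtual_only = i == 0 and first_virtual_only
        vsize, rsize, rptr = (0x20000, 0, 0) if virtual_only else (len(payload), len(payload), raw_ptr)
        image += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             vsize, va, rsize, rptr, 0, 0, 0, 0, 0xE0000040)
        va += 0x21000
    return bytes(image) + b"\0" * (raw_ptr - len(image)) + payload


if __name__ == "__main__":
    packed = build_constructed_pe(("UPX0", "UPX1"), True, bytes(range(256)) * 16)
    print(file_hashes(packed)["sha256"], "matches report:", sha256_matches(packed))
    for s in pe_sections(packed):
        print(s)
    print("UPX-like layout:", looks_upx_packed(packed))
```

Against the real file, `looks_upx_packed(open(path, "rb").read())` after `sha256_matches` has confirmed it is the reported sample. A build with renamed sections still trips the layout-plus-entropy rule, which is why the section-name check on its own is not enough.
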
MITRE ATT&CK Enterprise v15

Tasks