General

  • Target

    61e8f4d0087ec4bcbb0c0176acc638c95465f007ce1be44aa1bdb3ae336f44afN.exe

  • Size

    520KB

  • Sample

    250216-elcl1a1map

  • MD5

    5373119a0df2ba7c7a27e6d26fd556c0

  • SHA1

    44b50c7d267e8914ca1d5aff76ce3c7dbde02f36

  • SHA256

    61e8f4d0087ec4bcbb0c0176acc638c95465f007ce1be44aa1bdb3ae336f44af

  • SHA512

    d199232e584d4991cd4480f010c6ae8930a55850858fc39fb31c6ebe23f6b6ed87254ec76b0278380e974037afc68f3c4fb56ef23cbd16ee726cb2d423d87980

  • SSDEEP

    12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXi:zW6ncoyqOp6IsTl/mXi

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks