General

  • Target

    3fa4f315806fbb4c26a784570fef9befef0530e7905705be571d9b1b3d79b319N.exe

  • Size

    1.2MB

  • Sample

    250216-em1p8a1mgj

  • MD5

    18767020b44857cee9958d5a0c867290

  • SHA1

    a5a1cc52299cfdc9003b643cd932d0f7ffa9e122

  • SHA256

    3fa4f315806fbb4c26a784570fef9befef0530e7905705be571d9b1b3d79b319

  • SHA512

    e07df77f279d9222f5c452ecf68c9f6bd6b415d21019235135c459f7e73850816e6577398c5b8ca8f9667d0933f6e922414a8c912bd025ef3ecf080c918018eb

  • SSDEEP

    3072:gRRHyoBg8zJRAxuU+N6ET/d9ArfCS3VT62FQwiDefNbaSBVpMQRQ8imgCQIqi/cb:gRhoxrn/vmrqaTh2uMnuPea4g/GcF

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.
