General

  • Target

    8b6815a48e3b57c264c50a7fcc4751ce9a5a4ce1c6449386f9e6b2078258c3ce.exe

  • Size

    1.8MB

  • Sample

    250216-ewav6a1qhl

  • MD5

    9616dc37c94281db814ef115f3297e23

  • SHA1

    394b39ad2dbedd396a5c9efcd0f3def111a35a92

  • SHA256

    8b6815a48e3b57c264c50a7fcc4751ce9a5a4ce1c6449386f9e6b2078258c3ce

  • SHA512

    ac129204a38af317d615d05c3ba8cff156b6c9472e33c4d8cf28917c85aef3022f350b48653a5b2236cc285ddeb609a3aa84018ca9faca057878a5417d52b7ad

  • SSDEEP

    49152:ALIUXQgBiI6i2KFU0yBfM7a9QDosGeo403e0CpcKYGIDlWIwRBOn5PvGYKMf/1Zw:cIUXQgBiI6i2KFU0yBfM7a9QDosGeo4L
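
The digests above are how a practitioner confirms that a local copy is really the analysed artifact. The following Python is an added example, not part of the sandbox report: it computes MD5, SHA-1, SHA-256 and SHA-512 in one streaming pass and compares them with the values reported on this page (copied into REPORTED). SAMPLE_PATH is a placeholder for wherever the sample is stored.

```python
"""Verify a local copy of the sample against the digests reported above.

Added example, not part of the sandbox report. REPORTED copies the digests
from this page; SAMPLE_PATH is a placeholder for the local copy.
"""
from __future__ import annotations

import hashlib
import hmac
from typing import Iterable

TARGET_NAME = "8b6815a48e3b57c264c50a7fcc4751ce9a5a4ce1c6449386f9e6b2078258c3ce.exe"
REPORTED = {
    "md5": "9616dc37c94281db814ef115f3297e23",
    "sha1": "394b39ad2dbedd396a5c9efcd0f3def111a35a92",
    "sha256": "8b6815a48e3b57c264c50a7fcc4751ce9a5a4ce1c6449386f9e6b2078258c3ce",
    "sha512": "ac129204a38af317d615d05c3ba8cff156b6c9472e33c4d8cf28917c85aef3022f350b48653a5b2236cc285ddeb609a3aa84018ca9faca057878a5417d52b7ad",
}
SAMPLE_PATH = TARGET_NAME  # placeholder: path to the local copy of the sample


def digests(chunks: Iterable[bytes]) -> dict[str, str]:
    """Feed the same byte stream to every algorithm in REPORTED in a single pass."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def read_chunks(path: str, chunk_size: int = 1 << 20) -> Iterable[bytes]:
    """Yield the file in 1 MiB pieces so large samples are never loaded whole."""
    with open(path, "rb") as f:
        while chunk := f.read(chunk_size):
            yield chunk


def verify(actual: dict[str, str], expected: dict[str, str] = REPORTED) -> dict[str, bool]:
    """Per-algorithm match result; compare_digest keeps the comparison constant-time."""
    return {
        name: hmac.compare_digest(actual.get(name, "").lower(), expected[name].lower())
        for name in expected
    }


def name_matches_sha256(name: str = TARGET_NAME, expected: dict[str, str] = REPORTED) -> bool:
    """The report names the file after its SHA-256; confirm the page is self-consistent."""
    return name.lower() == expected["sha256"] + ".exe"


if __name__ == "__main__":
    results = verify(digests(read_chunks(SAMPLE_PATH)))
    for algo, ok in results.items():
        print(f"{algo:6} {'OK' if ok else 'MISMATCH'}")
    if not all(results.values()):
        raise SystemExit("local file does not match the reported sample")
```

Run it from the directory holding the sample. A mismatch on any single digest means the file is not the analysed artifact; a re-run of the packer or one appended byte is enough to change all four values at once.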

Malware Config

Targets

    • Target

      8b6815a48e3b57c264c50a7fcc4751ce9a5a4ce1c6449386f9e6b2078258c3ce.exe

    • Size

      1.8MB

    • MD5

      9616dc37c94281db814ef115f3297e23

    • SHA1

      394b39ad2dbedd396a5c9efcd0f3def111a35a92

    • SHA256

      8b6815a48e3b57c264c50a7fcc4751ce9a5a4ce1c6449386f9e6b2078258c3ce

    • SHA512

      ac129204a38af317d615d05c3ba8cff156b6c9472e33c4d8cf28917c85aef3022f350b48653a5b2236cc285ddeb609a3aa84018ca9faca057878a5417d52b7ad

    • SSDEEP

      49152:ALIUXQgBiI6i2KFU0yBfM7a9QDosGeo403e0CpcKYGIDlWIwRBOn5PvGYKMf/1Zw:cIUXQgBiI6i2KFU0yBfM7a9QDosGeo4L

    • Blackshades

      Blackshades is a commodity Windows remote access trojan (RAT) whose capabilities include remote control of the host, keylogging and file transfer.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence so the payload only runs (or refuses to run) in particular countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      Setting another thread's context is a common step in process hollowing and thread hijacking, where a suspended process's entry point is redirected to injected code.

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.
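
The UPX signature above rests on two static indicators. The following Python is an added example, not the sandbox's own rule: it parses the PE section table directly (no third-party dependency) and reports UPX's default section names and the "UPX!" pack-header marker that stock UPX leaves in the header area. build_fake_pe() constructs a minimal header-only PE so the check can be exercised offline; it is not derived from the sample.

```python
"""Static indicators behind the 'UPX packed file' signature.

Added example, not the sandbox's own rule. Parses the PE section table by hand
and looks for UPX's default section names and the 'UPX!' pack-header marker.
build_fake_pe() builds a constructed, header-only PE32 image for offline testing.
"""
from __future__ import annotations

import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}
UPX_MARKER = b"UPX!"


def section_names(pe: bytes) -> list[bytes]:
    """Return the section names of a PE image, following e_lfanew to the COFF header."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_header_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_header_size  # COFF file header is 20 bytes
    names = []
    for i in range(num_sections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes; the name is its first 8
        raw = pe[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0"))
    return names


def upx_indicators(pe: bytes) -> dict[str, bool]:
    """Two independent hints; either alone is a strong sign of stock or lightly modified UPX."""
    names = section_names(pe)
    return {
        "upx_section_names": any(n in UPX_SECTION_NAMES for n in names),
        # Stock UPX stores its pack header (starting with 'UPX!') in the header
        # padding; stay within the first 4 KiB so packed data cannot match by accident.
        "upx_marker_in_headers": UPX_MARKER in pe[:4096],
    }


def is_upx_packed(pe: bytes) -> bool:
    return any(upx_indicators(pe).values())


def build_fake_pe(names: list[bytes]) -> bytes:
    """Constructed header-only PE32 image for testing; contains no code or data."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header directly after the DOS header
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader=224 (PE32), Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 224, 0x0102)
    optional = struct.pack("<H", 0x10B) + bytes(222)  # PE32 magic, remaining fields zeroed
    sections = b"".join(n.ljust(8, b"\0") + bytes(32) for n in names)
    return bytes(dos) + b"PE\0\0" + coff + optional + sections


if __name__ == "__main__":
    for label, pe in (("packed", build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])),
                      ("plain", build_fake_pe([b".text", b".rdata", b".data"]))):
        print(label, upx_indicators(pe))
```

A stock UPX-packed PE also unpacks cleanly with `upx -d`. When the section names have been renamed and the marker stripped, which is the "modified UPX" case the signature allows for, this check returns negative and the fallback is section entropy and an unusually small import table, neither of which it attempts.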

MITRE ATT&CK Enterprise v15
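
The ATT&CK section of the report is empty on this page. As an added example, not the sandbox's own mapping or detection logic, the following Python ties two of the behavioural signatures listed above (Run key persistence, T1547.001; firewall policy modification, T1562.004) to registry-write telemetry in the shape of Sysmon Event ID 13 records. The events, SID, paths and value names are constructed.

```python
"""Behavioural signatures from the report mapped to ATT&CK and applied to
registry-write telemetry.

Added example, not the sandbox's logic. SAMPLE_EVENTS are constructed records
in the shape of Sysmon Event ID 13 (RegistryEvent: value set); the SID, file
paths and value names are made up.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    signature: str   # wording used by the report
    attack_id: str
    target: re.Pattern


RULES = [
    Rule("Adds Run key to start application", "T1547.001",
         re.compile(r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)),
    Rule("Modifies firewall policy service", "T1562.004",
         re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)),
]

# A writer running from a user-writable location is the usual dropped-payload pattern.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|ProgramData)\\", re.I)

SAMPLE_EVENTS = [  # constructed, not taken from the sandbox run
    {"EventID": 13,
     "Image": r"C:\Users\victim\AppData\Roaming\winupd\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate",
     "Details": r"C:\Users\victim\AppData\Roaming\winupd\svchost.exe"},
    {"EventID": 13,
     "Image": r"C:\Users\victim\AppData\Roaming\winupd\svchost.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13,
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def match_rules(event: dict) -> list[Rule]:
    """Only value-set events are considered; other registry event IDs are ignored."""
    if event.get("EventID") != 13:
        return []
    target = event.get("TargetObject", "")
    return [r for r in RULES if r.target.search(target)]


def triage(events: list[dict]) -> list[dict]:
    """One hit per (event, rule); from_user_path flags writers outside system locations."""
    hits = []
    for idx, ev in enumerate(events):
        image = ev.get("Image", "")
        for rule in match_rules(ev):
            hits.append({
                "event": idx,
                "signature": rule.signature,
                "attack_id": rule.attack_id,
                "image": image,
                "from_user_path": bool(USER_WRITABLE.search(image)),
            })
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"event {hit['event']}: {hit['attack_id']} {hit['signature']} "
              f"by {hit['image']} (user path: {hit['from_user_path']})")
```

The Run key pattern deliberately covers both Run and RunOnce and the Wow6432Node view, while the firewall rule matches any write under FirewallPolicy rather than only EnableFirewall, since per-profile and per-rule changes live under the same key.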

Tasks