General

  • Target

    90d450eb732eb9c91318be19652158fe0b80b204b0f0e09692ddcc6f61207e17N.exe

  • Size

    1.7MB

  • Sample

    250216-fz299avmaw

  • MD5

    b990b8d357c5ba386d9bb1bfb74e6130

  • SHA1

    f19de69f8be2280671d5aa440f6707140d319b98

  • SHA256

    90d450eb732eb9c91318be19652158fe0b80b204b0f0e09692ddcc6f61207e17

  • SHA512

    e480c66f61022a839a155a0e8c6e16adca40e4eee8d8c59b3e667c84c3cc8a4f948189c07cf303423ba7bce86ec657dc9f08d685488fbc3724b1b1ec032fe5f0

  • SSDEEP

    12288:3vk//qKF76/OXpqSjnTf0clY9uWC+RMpk1OC7HmrWcmbQC5onsYi2oSx:M1zltpu0iO

Malware Config

Targets

    • Target

      90d450eb732eb9c91318be19652158fe0b80b204b0f0e09692ddcc6f61207e17N.exe

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks