General
-
Target
90d450eb732eb9c91318be19652158fe0b80b204b0f0e09692ddcc6f61207e17N.exe
-
Size
1.7MB
-
Sample
250216-fz299avmaw
-
MD5
b990b8d357c5ba386d9bb1bfb74e6130
-
SHA1
f19de69f8be2280671d5aa440f6707140d319b98
-
SHA256
90d450eb732eb9c91318be19652158fe0b80b204b0f0e09692ddcc6f61207e17
-
SHA512
e480c66f61022a839a155a0e8c6e16adca40e4eee8d8c59b3e667c84c3cc8a4f948189c07cf303423ba7bce86ec657dc9f08d685488fbc3724b1b1ec032fe5f0
-
SSDEEP
12288:3vk//qKF76/OXpqSjnTf0clY9uWC+RMpk1OC7HmrWcmbQC5onsYi2oSx:M1zltpu0iO
Behavioral task
behavioral1
Sample
90d450eb732eb9c91318be19652158fe0b80b204b0f0e09692ddcc6f61207e17N.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
90d450eb732eb9c91318be19652158fe0b80b204b0f0e09692ddcc6f61207e17N.exe
Resource
win10v2004-20250207-en
Malware Config
Targets
-
-
Target
90d450eb732eb9c91318be19652158fe0b80b204b0f0e09692ddcc6f61207e17N.exe
-
Size
1.7MB
-
MD5
b990b8d357c5ba386d9bb1bfb74e6130
-
SHA1
f19de69f8be2280671d5aa440f6707140d319b98
-
SHA256
90d450eb732eb9c91318be19652158fe0b80b204b0f0e09692ddcc6f61207e17
-
SHA512
e480c66f61022a839a155a0e8c6e16adca40e4eee8d8c59b3e667c84c3cc8a4f948189c07cf303423ba7bce86ec657dc9f08d685488fbc3724b1b1ec032fe5f0
-
SSDEEP
12288:3vk//qKF76/OXpqSjnTf0clY9uWC+RMpk1OC7HmrWcmbQC5onsYi2oSx:M1zltpu0iO
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3