General
-
Target
20202f42027b64e33411b04085ef1b530d027eb3698082f4e5d0cd82495ebee7.exe
-
Size
1.7MB
-
Sample
250216-mztfnstjak
-
MD5
d1161809cea5167bf7f6bf6b56c72090
-
SHA1
bee6f57f252c31237fa6cf3aeff6ef7c6a816b0c
-
SHA256
20202f42027b64e33411b04085ef1b530d027eb3698082f4e5d0cd82495ebee7
-
SHA512
489b4ece26cbaf31683ca87ef883a6f092c576215aa9056483ec9732635877d28660f2db55d3cfebc1782a986f798ebded6bbc96f05410b175f013b0b7653312
-
SSDEEP
24576:69SQXgnU56Gt4ULYVI8RGwvrK7/ckFLI78ch:KsnxUG
Static task
static1
Behavioral task
behavioral1
Sample
20202f42027b64e33411b04085ef1b530d027eb3698082f4e5d0cd82495ebee7.exe
Resource
win7-20250207-en
Behavioral task
behavioral2
Sample
20202f42027b64e33411b04085ef1b530d027eb3698082f4e5d0cd82495ebee7.exe
Resource
win10v2004-20250211-en
Malware Config
Targets
-
-
Target
20202f42027b64e33411b04085ef1b530d027eb3698082f4e5d0cd82495ebee7.exe
-
Size
1.7MB
-
MD5
d1161809cea5167bf7f6bf6b56c72090
-
SHA1
bee6f57f252c31237fa6cf3aeff6ef7c6a816b0c
-
SHA256
20202f42027b64e33411b04085ef1b530d027eb3698082f4e5d0cd82495ebee7
-
SHA512
489b4ece26cbaf31683ca87ef883a6f092c576215aa9056483ec9732635877d28660f2db55d3cfebc1782a986f798ebded6bbc96f05410b175f013b0b7653312
-
SSDEEP
24576:69SQXgnU56Gt4ULYVI8RGwvrK7/ckFLI78ch:KsnxUG
-
Blackshades family
-
Blackshades payload
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
UAC bypass
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
7