General

  • Target

    2d5673799e88dad111cfd9ba3f0d4a73f1abfb0758cda2889080bb0f03d3fb3fN.exe

  • Size

    285KB

  • Sample

    250216-qrkqcayrbv

  • MD5

    c5f9a31f82e67c37a13bd9960af4d3f0

  • SHA1

    51a95e628db7fa365f5012bdf0243937c9b4f60d

  • SHA256

    2d5673799e88dad111cfd9ba3f0d4a73f1abfb0758cda2889080bb0f03d3fb3f

  • SHA512

    3ce83745ec248c933780ec6110c6e3ef4a1206e0e603849bc633e0769fbe25f18227887c37605d2544e984567403cb711b712783a2f802e9fc057ee3affe4e70

  • SSDEEP

    6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHL4:NBaBnmtOwq/+1MkU68raJRHua8G9LcoW
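The digests above are the only reliable way to confirm that a file on your analysis host is the sample this report describes. The helper below is an added example, not code from the sandbox or from the sample: it recomputes the four cryptographic digests the report lists and compares them with the listed values. `REPORTED_HASHES` is copied verbatim from the General section; the `b"abc"` buffer used in the usage note is a constructed stand-in, not sample content. SSDEEP is deliberately left out, since it needs a separate library (`ssdeep`/`ppdeep`) and is compared by similarity score, not equality.

```python
import hashlib
import sys

# Digests copied from the General section of the report above.
REPORTED_HASHES = {
    "md5": "c5f9a31f82e67c37a13bd9960af4d3f0",
    "sha1": "51a95e628db7fa365f5012bdf0243937c9b4f60d",
    "sha256": "2d5673799e88dad111cfd9ba3f0d4a73f1abfb0758cda2889080bb0f03d3fb3f",
    "sha512": "3ce83745ec248c933780ec6110c6e3ef4a1206e0e603849bc633e0769fbe25f18227887c37605d2544e984567403cb711b712783a2f802e9fc057ee3affe4e70",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Compute every algorithm in ALGORITHMS over an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests as hash_bytes, but streamed so a large sample need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_hashes(actual: dict, expected: dict) -> dict:
    """Per-algorithm match table; an algorithm missing from `actual` counts as a mismatch.

    Comparison is case-insensitive because reports and tools disagree on hex case.
    """
    return {algo: actual.get(algo, "").lower() == digest.lower() for algo, digest in expected.items()}


def verify_sample(data: bytes, expected: dict = REPORTED_HASHES) -> bool:
    """True only if every digest in `expected` matches the bytes given."""
    return all(compare_hashes(hash_bytes(data), expected).values())


if __name__ == "__main__":
    # Usage: python verify_hashes.py <path-to-sample>
    digests = hash_file(sys.argv[1])
    for algo, ok in compare_hashes(digests, REPORTED_HASHES).items():
        print(f"{algo:6s} {'MATCH' if ok else 'DIFF '} {digests[algo]}")
```

A mismatch on every algorithm means you have a different file (for example a repacked or trimmed copy); a mismatch on only one algorithm means the report or your copy of it was transcribed wrongly, because a single file cannot disagree with itself on one digest and agree on the others.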

Malware Config

Targets

    • Target

      2d5673799e88dad111cfd9ba3f0d4a73f1abfb0758cda2889080bb0f03d3fb3fN.exe

    • Blackshades

      Blackshades is a commodity remote access trojan (RAT); its capabilities include keylogging, screen and webcam capture, file management, and downloading and executing additional payloads.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Checks computer location settings

      Reads the country/region code the user has configured in the registry (Windows keeps it as a GEOID under HKCU\Control Panel\International\Geo), most likely as a geofence so the payload runs only in, or stays away from, particular countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      Setting another thread's context is a standard step in process hollowing and related code-injection techniques: a process is started suspended, a payload is written into it, and SetThreadContext redirects the main thread to the injected code before it is resumed.

    • UPX packed file

      Detects executables packed with the open-source UPX packer, including modified UPX builds.
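Three of the signatures above (the location check, the Run key, and the firewall policy change) are registry behaviours, and the page does not show how they are matched. The following is an added example, my code rather than the sandbox's rule set, that runs such matching over a registry API trace. The trace format (`pid|api|key|value|data`) and every line in `SAMPLE_TRACE` are constructed for the example; the registry paths each rule keys on are my assumptions about what these signatures look for, not Triage's published rule text. `HKCU\Control Panel\International\Geo\Nation` is where Windows stores the configured country GEOID, and `Services\SharedAccess\Parameters\FirewallPolicy` is the Windows Firewall policy store.

```python
import re

# Constructed registry API trace in a simple pid|api|key|value|data format.
# Not real Triage output; the lines are invented to exercise the rules below,
# including a RunMRU decoy that must not trigger the Run-key rule.
SAMPLE_TRACE = r"""
1234|RegQueryValueExW|HKCU\Control Panel\International\Geo|Nation|244
1234|RegQueryValueExW|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion|ProductName|Windows 10 Pro
1234|RegSetValueExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinUpdate|C:\Users\Public\svc.exe
1234|RegSetValueExW|HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List|C:\Users\Public\svc.exe|C:\Users\Public\svc.exe:*:Enabled:svc
1234|RegSetValueExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU|a|notepad
"""

WRITE_APIS = {"RegSetValueExA", "RegSetValueExW", "RegSetValueA", "RegSetValueW"}
READ_APIS = {"RegQueryValueExA", "RegQueryValueExW", "RegGetValueA", "RegGetValueW"}

# (signature name as the report lists it, APIs that count, key pattern, required value name or None).
# Key patterns are left-unanchored so HKU\<SID>\... spellings match too.
# These paths are my assumptions about what the signatures key on, not the sandbox's rule definitions.
RULES = [
    ("Checks computer location settings", READ_APIS,
     re.compile(r"\\Control Panel\\International\\Geo$", re.I), "Nation"),
    ("Adds Run key to start application", WRITE_APIS,
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I), None),
    ("Modifies firewall policy service", WRITE_APIS,
     re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy(\\|$)", re.I), None),
]


def parse_line(line: str):
    """Split one trace line; returns None for blank or malformed lines."""
    parts = line.strip().split("|", 4)
    if len(parts) != 5:
        return None
    pid, api, key, value, data = parts
    try:
        return {"pid": int(pid), "api": api, "key": key, "value": value, "data": data}
    except ValueError:
        return None


def match_rules(event: dict) -> list:
    """Names of every rule the event satisfies, in RULES order."""
    hits = []
    for name, apis, key_re, value_name in RULES:
        if event["api"] not in apis or not key_re.search(event["key"]):
            continue
        if value_name is not None and event["value"].lower() != value_name.lower():
            continue
        hits.append(name)
    return hits


def scan_trace(text: str) -> list:
    """Run every rule over every line and return the findings with the evidence that produced them."""
    findings = []
    for line in text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        for sig in match_rules(event):
            findings.append({"signature": sig, "pid": event["pid"], "key": event["key"],
                             "value": event["value"], "data": event["data"]})
    return findings


def signature_names(text: str) -> list:
    return [f["signature"] for f in scan_trace(text)]


if __name__ == "__main__":
    for f in scan_trace(SAMPLE_TRACE):
        print(f"[{f['pid']}] {f['signature']}: {f['key']}\\{f['value']} = {f['data']}")
```

The geofence rule matches on a read, the other two on writes; collapsing both into "any registry access to this path" is the usual source of false positives, because many benign programs read `Geo\Nation` and the firewall key is also read by the shell.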
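The UPX signature is a static check, and the page does not show what it looks at. The following is an added example, my code rather than the sandbox's detector and not derived from this sample: it walks the PE headers to the section table and reports the three things a UPX-packed file normally shows, sections named UPX0/UPX1, a first executable section with no bytes on disk but a large virtual size (the unpacked image is written there at runtime), and a compressed section with near-maximal byte entropy. `build_minimal_pe` constructs a headers-only test image so the block runs offline; the 7.0-bit entropy threshold is a rule of thumb I chose. Section names are trivially renamed, which is why the signature mentions modified UPX builds and why the other two indicators are checked as well.

```python
import math
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
COFF_HEADER = struct.Struct("<HHIIIHH")          # IMAGE_FILE_HEADER, 20 bytes
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")   # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Follow e_lfanew to the PE signature, skip the COFF and optional headers, read the section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _machine, nsections, _ts, _symtab, _nsyms, opt_size, _chars = COFF_HEADER.unpack_from(pe, coff_off)
    table_off = coff_off + COFF_HEADER.size + opt_size
    sections = []
    for i in range(nsections):
        fields = SECTION_HEADER.unpack_from(pe, table_off + i * SECTION_HEADER.size)
        name, vsize, vaddr, raw_size, raw_ptr, _, _, _, _, chars = fields
        raw = pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": vaddr, "raw_size": raw_size,
            "characteristics": chars, "entropy": shannon_entropy(raw),
        })
    return sections


def upx_indicators(pe: bytes) -> dict:
    """Name-based UPX detection plus two structural indicators that survive section renaming."""
    sections = parse_sections(pe)
    upx_named = [s["name"] for s in sections if s["name"].upper().startswith("UPX")]
    # UPX0 holds the unpacked image at runtime: executable, zero bytes on disk, large virtual size.
    hollow_exec = [s["name"] for s in sections
                   if s["raw_size"] == 0 and s["virtual_size"] > 0
                   and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE]
    high_entropy = [s["name"] for s in sections if s["entropy"] > 7.0]  # threshold is my rule of thumb
    return {
        "upx_sections": upx_named,
        "hollow_executable_sections": hollow_exec,
        "high_entropy_sections": high_entropy,
        "is_upx": bool(upx_named),
        "packer_suspected": bool(upx_named) or (bool(hollow_exec) and bool(high_entropy)),
    }


def build_minimal_pe(sections) -> bytes:
    """Constructed PE32 image containing only the headers this parser reads; not a runnable executable.

    sections: iterable of (name, virtual_size, raw_bytes, characteristics).
    """
    e_lfanew, opt_size = 0x80, 0xE0                     # 0xE0 is the PE32 optional header size
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    sections = list(sections)
    coff = COFF_HEADER.pack(0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")  # magic only; nothing else is parsed
    raw_start = e_lfanew + 4 + COFF_HEADER.size + opt_size + SECTION_HEADER.size * len(sections)
    table, raw = b"", b""
    for name, vsize, data, chars in sections:
        ptr = raw_start + len(raw) if data else 0
        table += SECTION_HEADER.pack(name.encode("ascii").ljust(8, b"\0"), vsize, 0x1000,
                                     len(data), ptr, 0, 0, 0, 0, chars)
        raw += data
    return dos + b"PE\0\0" + coff + opt + table + raw


if __name__ == "__main__":
    # Constructed UPX-like layout: empty UPX0, high-entropy UPX1, plain .rsrc.
    demo = build_minimal_pe([("UPX0", 0x20000, b"", 0xE0000080),
                             ("UPX1", 0x8000, bytes(range(256)) * 4, 0xE0000040),
                             (".rsrc", 0x1000, b"\0" * 0x200, 0xC0000040)])
    print(upx_indicators(demo))
```

On a real sample, feed `open(path, "rb").read()` to `upx_indicators`. The structural indicators are heuristics: a legitimately large `.bss`-style section is executable only in odd toolchains, but encrypted resources can push entropy above 7.0 without any packer, so treat `packer_suspected` as a reason to look, not a verdict.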

MITRE ATT&CK Enterprise v15

Tasks