General

  • Target

    37df9a6efb37b1f51891a8b4ae40a0262baa77a06f4b3d74c6f059d75b40f806.exe

  • Size

    520KB

  • Sample

    250216-xmkywavrbm

  • MD5

    1fb57944a54b29c602b7c63d8bd7fd45

  • SHA1

    c6e70cf69b5c20374acd77ac147fe0970702dc98

  • SHA256

    37df9a6efb37b1f51891a8b4ae40a0262baa77a06f4b3d74c6f059d75b40f806

  • SHA512

    30c00b662648f9f3dd85e7b21f5a3abad6af78d4a1988da8c3e189e032b2fad079a0838961a22dbac819935f337aba0efc7b594e57d2315e91bbd922c78144ad

  • SSDEEP

    12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXq:zW6ncoyqOp6IsTl/mXq

Targets

    • Target

      37df9a6efb37b1f51891a8b4ae40a0262baa77a06f4b3d74c6f059d75b40f806.exe

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15