General
-
Target
4d093461fbe4ae610c4260afaf9917768097f75106fee935a4f9469485a543e6N.exe
-
Size
1.7MB
-
Sample
250216-yeyensxkby
-
MD5
635de473e9736833891e027963b88210
-
SHA1
eda16e368080df852c40db10a7a2486dc114034a
-
SHA256
4d093461fbe4ae610c4260afaf9917768097f75106fee935a4f9469485a543e6
-
SHA512
fcfaffc1cb279a7b18248a1df7abb3dc35f5421b02a19f6276bc584b12679d95bb72bf6afceb0e7df0de2086ec4bee854661d2fac31461184133ca43a340d16c
-
SSDEEP
24576:69SQXgnU56Gt4ULYVI8RGwvrK7/ckFLI78cL:KsnxUS
Static task
static1
Behavioral task
behavioral1
Sample
4d093461fbe4ae610c4260afaf9917768097f75106fee935a4f9469485a543e6N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
4d093461fbe4ae610c4260afaf9917768097f75106fee935a4f9469485a543e6N.exe
Resource
win10v2004-20250207-en
Malware Config
Targets
-
-
Target
4d093461fbe4ae610c4260afaf9917768097f75106fee935a4f9469485a543e6N.exe
-
Size
1.7MB
-
MD5
635de473e9736833891e027963b88210
-
SHA1
eda16e368080df852c40db10a7a2486dc114034a
-
SHA256
4d093461fbe4ae610c4260afaf9917768097f75106fee935a4f9469485a543e6
-
SHA512
fcfaffc1cb279a7b18248a1df7abb3dc35f5421b02a19f6276bc584b12679d95bb72bf6afceb0e7df0de2086ec4bee854661d2fac31461184133ca43a340d16c
-
SSDEEP
24576:69SQXgnU56Gt4ULYVI8RGwvrK7/ckFLI78cL:KsnxUS
-
Blackshades family
-
Blackshades payload
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
UAC bypass
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
7