General
-
Target
832cbb33ff1cde1eca8a9f22d179ad087cfa1039431a0a67f7ab180cd6b6a5f1.exe
-
Size
190KB
-
Sample
250224-tnmx3s1qs7
-
MD5
8a665a28420e13bcf3ad8992babc4ee1
-
SHA1
46d0cf3f0499e554d6dc57608dd48be6edc3fb47
-
SHA256
832cbb33ff1cde1eca8a9f22d179ad087cfa1039431a0a67f7ab180cd6b6a5f1
-
SHA512
357cb612a9305aeb3e0b7ca2d12aaf2f46abb96b7b7e6d4f1dd4de416ad6ff07f7f1ca640af9a38002f14e0721550ba16fcc16c164f598982cb74f97438a7dc6
-
SSDEEP
3072:ONxCbB1RdMho4wV6Kz68Xn9PjRv5AsbmhB5epRAhogQGWQcdkXu7F6jjR:4xoH/6Kz6Gn5j/XbsB5eah4GzeFa1
Malware Config
Targets
-
-
Target
832cbb33ff1cde1eca8a9f22d179ad087cfa1039431a0a67f7ab180cd6b6a5f1.exe
-
Size
190KB
-
MD5
8a665a28420e13bcf3ad8992babc4ee1
-
SHA1
46d0cf3f0499e554d6dc57608dd48be6edc3fb47
-
SHA256
832cbb33ff1cde1eca8a9f22d179ad087cfa1039431a0a67f7ab180cd6b6a5f1
-
SHA512
357cb612a9305aeb3e0b7ca2d12aaf2f46abb96b7b7e6d4f1dd4de416ad6ff07f7f1ca640af9a38002f14e0721550ba16fcc16c164f598982cb74f97438a7dc6
-
SSDEEP
3072:ONxCbB1RdMho4wV6Kz68Xn9PjRv5AsbmhB5epRAhogQGWQcdkXu7F6jjR:4xoH/6Kz6Gn5j/XbsB5eah4GzeFa1
Score10/10-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1