General

  • Target

    47389c59a55aa2bbc7034840e3d7a4642e023e762c68025d683da413e50119ef.zip

  • Size

    179KB

  • Sample

    250303-1h2bvazya1

  • MD5

    12e0f9adaf78cdb0cd974e1b2e7da9a8

  • SHA1

    ee4d399a4e2de964ea6380c9600e3123fd896087

  • SHA256

    d52ee63c7b6224a366b4cbbbeda068026b2af0c409a050b67d8b19a5481850fe

  • SHA512

    12d648e3e84de42b6ed80dbc8e056cf15af6735a91e2b98ec9ac6a24dfd04cbee0c024518d03f501541c162631218f230b91cae1a86c9d97d9de42c5b20f081b

  • SSDEEP

    3072:8SlvfcwZ0rcV4roQtTTe1ilxUGXznRjUWors/SOOtoW/9re4kfKmklZ0wOe:9l8G0rU4VNTSJAURs/bWpdeImklZH

Malware Config

Targets

    • Target

      47389c59a55aa2bbc7034840e3d7a4642e023e762c68025d683da413e50119ef

    • Size

      451KB

    • MD5

      57ffc0e865bbaf487b12e4626c10414d

    • SHA1

      469793d6fa6d035188aed2976fa1c33d2781000f

    • SHA256

      47389c59a55aa2bbc7034840e3d7a4642e023e762c68025d683da413e50119ef

    • SHA512

      b8cf41773ecf6c949538956c6fe30c38e96a752fc6d982ddcd9042ed5df00041b2414aff0b44ce6fe48dc50c4f854f3e5c1e6bde3f8f76f5d70bd843875b74d6

    • SSDEEP

      6144:pfZivnaPAQ6BHng5HaqGg779vT/pQNCbw9q4uo0v5l/3yg/:pRYnpQWga611QEbw9q4uo0v5lvT

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the open-source UPX packer, or with a modified UPX build.
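The persistence and firewall signatures above can be reproduced from host telemetry. The following is an added example, not the sandbox's own signature engine: it assumes the usual registry locations behind "Adds Run key", "Adds policy Run key" (Policies\Explorer\Run), "Active Setup" (Installed Components\...\StubPath) and "Modifies firewall policy service" (Services\SharedAccess\Parameters\FirewallPolicy), and runs that matching over a few constructed Sysmon Event ID 13 (RegistryEvent SetValue) records. The field names follow Sysmon's schema; the paths, image names and SID are made up.

```python
"""Registry persistence detection matching the signatures listed in this report.

Added example, not part of the sandbox report. The registry locations assigned
to each signature name are assumptions, and the events below are constructed.
"""
import re

# Assumed registry locations behind each signature. Hive prefixes (HKLM, HKCU,
# HKU\<SID>) and Wow6432Node are intentionally not anchored so one pattern
# covers every hive. The policy Run key is listed first so it is never
# mistaken for the plain Run key.
SIGNATURES = {
    "Adds policy Run key to start application":
        re.compile(r"\\Policies\\Explorer\\Run\\[^\\]+$", re.I),
    "Adds Run key to start application":
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I),
    "Boot or Logon Autostart Execution: Active Setup":
        re.compile(r"\\Active Setup\\Installed Components\\[^\\]+\\StubPath$", re.I),
    "Modifies firewall policy service":
        re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I),
}

# Constructed Sysmon records (Event ID 13 = registry value set, 12 = key create).
SAMPLE_EVENTS = [
    {"EventID": 12, "Image": r"C:\Users\user\AppData\Roaming\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run",
     "Details": ""},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Roaming\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Users\user\AppData\Roaming\svc.exe"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Roaming\svc.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svc",
     "Details": r"C:\Users\user\AppData\Roaming\svc.exe"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Roaming\svc.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D2A3B4C-0000-0000-0000-000000000001}\StubPath",
     "Details": r"C:\Users\user\AppData\Roaming\svc.exe"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Roaming\svc.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetObject": r"HKCU\Software\Microsoft\Office\16.0\Word\Options\LastUse",
     "Details": "DWORD (0x00000001)"},
]


def classify(event):
    """Return the signature name a single event triggers, or None.

    Only value writes (Event ID 13) count: creating the Run key itself
    (Event ID 12) does not start anything, so it is ignored.
    """
    if event.get("EventID") != 13:
        return None
    target = event.get("TargetObject", "")
    for name, pattern in SIGNATURES.items():
        if pattern.search(target):
            return name
    return None


def triage(events):
    """Return one hit per matching event, in input order."""
    hits = []
    for event in events:
        signature = classify(event)
        if signature is not None:
            hits.append({"signature": signature, "image": event["Image"],
                         "target": event["TargetObject"], "value": event["Details"]})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f'{hit["signature"]}: {hit["image"]} -> {hit["target"]} = {hit["value"]}')
```

Running the block prints four hits and nothing for the key-create event or the Office setting. On a real host the same function can be fed parsed Sysmon or EDR registry events; the StubPath check deliberately requires the value name, since Active Setup only executes what that value points to.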
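The "UPX packed file" signature is a static check on the PE itself. The following is an added example, not code from the sandbox or from UPX: it parses the PE section table directly and applies three heuristics, the UPX0/UPX1 section names, the "UPX!" magic that UPX writes into its packed header, and a first section with zero raw data (UPX0 is an empty placeholder the stub decompresses into, which survives even when a modified UPX renames its sections). The PE images are constructed in memory; no real sample is read, and the hash helper is there only to show how the report's MD5/SHA1/SHA256 fields are derived.

```python
"""Static UPX heuristics over a PE section table, plus the report's hash fields.

Added example, not part of the sandbox report. build_pe() constructs minimal
PE32 images for demonstration; the three sample images below are made up.
"""
import hashlib
import struct

# Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
SECTION_HEADER = struct.Struct("<8sIIII")
SECTION_HEADER_SIZE = 40


def parse_sections(data):
    """Return [{name, virtual_size, raw_size}, ...] from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size           # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(data):
            raise ValueError("section table truncated")
        name, vsize, _va, rsize, _ptr = SECTION_HEADER.unpack_from(data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize})
    return sections


def upx_indicators(data):
    """Return the UPX heuristics that fire on this image (empty list if none)."""
    sections = parse_sections(data)
    hits = []
    if any(s["name"].upper().startswith("UPX") for s in sections):
        hits.append("upx_section_names")        # stock UPX: UPX0, UPX1, (UPX2)
    if b"UPX!" in data:
        hits.append("upx_marker")               # magic in UPX's packed-file header
    first = sections[0] if sections else None
    if first and first["raw_size"] == 0 and first["virtual_size"] > 0:
        hits.append("empty_first_section")      # placeholder for the unpacked image
    return hits


def fingerprint(data):
    """Hex digests in the same algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def build_pe(sections, trailer=b""):
    """Construct a minimal PE32 image from (name, virtual_size, raw_size) tuples."""
    opt_size = 0xE0                                   # PE32 optional header size
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew: NT headers follow the stub
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    table = b""
    raw_ptr = 0x400
    for name, vsize, rsize in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, 0x1000, rsize,
                             raw_ptr if rsize else 0, 0, 0, 0, 0, 0x60000020)
        raw_ptr += rsize
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + trailer


# Constructed images: stock UPX layout, a renamed-section variant, and a plain binary.
PACKED = build_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x7000), (".rsrc", 0x1000, 0x800)], b"UPX!")
RENAMED = build_pe([(".text", 0x20000, 0), (".data", 0x8000, 0x7000), (".rsrc", 0x1000, 0x800)])
CLEAN = build_pe([(".text", 0x5000, 0x5000), (".data", 0x1000, 0x400), (".rsrc", 0x1000, 0x800)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("renamed", RENAMED), ("clean", CLEAN)):
        print(label, fingerprint(image)["sha256"][:16], upx_indicators(image))
```

To apply it to a real file, pass `open(path, "rb").read()` to `upx_indicators` and `fingerprint`. Only the section-name check is specific to stock UPX; the empty-first-section heuristic fires on any packer that reserves the unpacked image as virtual-only space, so treat it as a reason to unpack and look further, not as proof of UPX.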

MITRE ATT&CK Enterprise v15

Tasks