General

  • Target

    5093a8ee72123d0a6cd34cbd21f3c5255ba65b303f1703e86e3fd089b799893c

  • Size

    520KB

  • Sample

    250303-3nxxqas1ds

  • MD5

    77d007b16a551599d367830acc2bc126

  • SHA1

    8c9aeda3ffb58b9656e871c1c0801e76639ceb51

  • SHA256

    5093a8ee72123d0a6cd34cbd21f3c5255ba65b303f1703e86e3fd089b799893c

  • SHA512

    687966551e8a6b6c312dcf7dc3892e2f7967710d91b8dd672a341a174a44dad43fc7fffb7327715a78ab4345be3ddaab42aa85d14afbd712b3e08d79ba3217c3

  • SSDEEP

    12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXQ:zW6ncoyqOp6IsTl/mXQ

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks