General
Target: 37dbb90443888746dcb614c7bc4a4d70528f2f04fcbbe8ba60896db38e41d7ba
Size: 520KB
Sample: 250313-21dtyavwex
MD5: 4ce712821a7d6e3351b6da71f200550e
SHA1: 21b41b99a7cf780d94cbdd8af777d3e6d36b6350
SHA256: 37dbb90443888746dcb614c7bc4a4d70528f2f04fcbbe8ba60896db38e41d7ba
SHA512: 562eb15dcbc65e91136f4d1ddb9b3ca347d536c4e3b3a29b5d9da37ae874fb398b48c7cd6a54eb82e67ee709c1f70bed915c4e95a7fe623b0ab7285ea05b1ea1
SSDEEP: 12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXi:zW6ncoyqOp6IsTl/mXi
Static task: static1
Behavioral task: behavioral1
  Sample: 37dbb90443888746dcb614c7bc4a4d70528f2f04fcbbe8ba60896db38e41d7ba.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 37dbb90443888746dcb614c7bc4a4d70528f2f04fcbbe8ba60896db38e41d7ba.exe
  Resource: win10v2004-20250217-en
Malware Config
Targets
- Blackshades family
- Blackshades payload
- Modifies firewall policy service
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (3)