General
-
Target
383f56211341938794f70b3179d93303e39f0869bee0b8707c8363325f054e1a
-
Size
520KB
-
Sample
250314-22wq5stpz2
-
MD5
4c01b6a8a3a185cba7f6b892be16ae18
-
SHA1
5a0f508baeca1fd794fc2d9d8e95d048fc3d5be7
-
SHA256
383f56211341938794f70b3179d93303e39f0869bee0b8707c8363325f054e1a
-
SHA512
742af719d43a4a81e842f8acedad6eb9dcf63430e7b759bcc2b0498e0fa53b0a9b8bc690dc4b7d0d3f03f7a20c64f290685dd47bcbf0aa3f716a7dfd75232ae3
-
SSDEEP
12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXA:zW6ncoyqOp6IsTl/mXA
Static task
static1
Behavioral task
behavioral1
Sample
383f56211341938794f70b3179d93303e39f0869bee0b8707c8363325f054e1a.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
383f56211341938794f70b3179d93303e39f0869bee0b8707c8363325f054e1a.exe
Resource
win10v2004-20250314-en
Malware Config
Targets
-
-
Target
383f56211341938794f70b3179d93303e39f0869bee0b8707c8363325f054e1a
-
Size
520KB
-
MD5
4c01b6a8a3a185cba7f6b892be16ae18
-
SHA1
5a0f508baeca1fd794fc2d9d8e95d048fc3d5be7
-
SHA256
383f56211341938794f70b3179d93303e39f0869bee0b8707c8363325f054e1a
-
SHA512
742af719d43a4a81e842f8acedad6eb9dcf63430e7b759bcc2b0498e0fa53b0a9b8bc690dc4b7d0d3f03f7a20c64f290685dd47bcbf0aa3f716a7dfd75232ae3
-
SSDEEP
12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXA:zW6ncoyqOp6IsTl/mXA
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3