General

  • Target

    383f56211341938794f70b3179d93303e39f0869bee0b8707c8363325f054e1a

  • Size

    520KB

  • Sample

    250314-22wq5stpz2

  • MD5

    4c01b6a8a3a185cba7f6b892be16ae18

  • SHA1

    5a0f508baeca1fd794fc2d9d8e95d048fc3d5be7

  • SHA256

    383f56211341938794f70b3179d93303e39f0869bee0b8707c8363325f054e1a

  • SHA512

    742af719d43a4a81e842f8acedad6eb9dcf63430e7b759bcc2b0498e0fa53b0a9b8bc690dc4b7d0d3f03f7a20c64f290685dd47bcbf0aa3f716a7dfd75232ae3

  • SSDEEP

    12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXA:zW6ncoyqOp6IsTl/mXA
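The hashes above identify this one file exactly. The following script, an added example that is not part of the report, digests a file in a single streaming pass with the same four algorithms and reports which indicators it matches; the indicator values are copied from the General section, the sample input in the test is constructed, and fuzzy (SSDEEP) comparison is left out because it needs the ssdeep library.

```python
"""Added example (not from the report): compute the hashes the report lists
and check a file against them. Indicator values are copied from the report's
General section; any file you pass on the command line is your own input."""
import hashlib

# Hash indicators for the sample, copied from the report.
REPORT_IOCS = {
    "md5": "4c01b6a8a3a185cba7f6b892be16ae18",
    "sha1": "5a0f508baeca1fd794fc2d9d8e95d048fc3d5be7",
    "sha256": "383f56211341938794f70b3179d93303e39f0869bee0b8707c8363325f054e1a",
    "sha512": "742af719d43a4a81e842f8acedad6eb9dcf63430e7b759bcc2b0498e0fa53b0a"
              "9b8bc690dc4b7d0d3f03f7a20c64f290685dd47bcbf0aa3f716a7dfd75232ae3",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data, algorithms=ALGORITHMS):
    """Digest an in-memory buffer with every listed algorithm."""
    return {a: hashlib.new(a, data).hexdigest() for a in algorithms}


def hash_file(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Digest a file in one pass, feeding each chunk to all hashers so large
    samples are read once and never loaded whole into memory."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def match_iocs(digests, iocs):
    """Return the algorithms whose digest equals the indicator. Values are
    compared case-insensitively because feeds differ in hex casing; one
    matching algorithm is enough, all four name the same file."""
    return [a for a in iocs
            if a in digests and digests[a].lower() == iocs[a].lower()]


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        matched = match_iocs(hash_file(path), REPORT_IOCS)
        verdict = "MATCH on " + ", ".join(matched) if matched else "no match"
        print(f"{path}: {verdict}")
```

Exact-hash matching only finds this build of the sample; a repacked or recompiled variant gets a different digest, which is why the report also carries an SSDEEP fuzzy hash for near-duplicate comparison.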

Malware Config

Targets

    • Blackshades

      Blackshades is a commodity Windows remote access trojan, sold openly until its operators and buyers were targeted by an international takedown in 2014. Its capabilities include keylogging, remote desktop and webcam capture, file transfer, and launching denial-of-service floods from infected hosts.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence so the payload does not run in excluded regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
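Two of the behaviours above, the Run key write and the firewall policy change, are visible in host registry telemetry. The rule set below is an added example, not part of the report or of any sandbox's own signatures; it classifies Sysmon-style registry events (EventID 13 is a value set, 12 a key create or delete) and raises severity when the writing process lives in a user-writable drop location. The event shapes, the hive paths, and the FirewallPolicy key location are assumptions made for the example, and the sample events are constructed, not records from the sandbox run.

```python
"""Added example (not from the report): flag Run-key persistence and firewall
policy tampering in Sysmon-style registry events. The FirewallPolicy path and
the event field names are assumptions for this example."""
import re

# "Adds Run key to start application": a value written directly under Run or
# RunOnce in any hive (the hive prefix is left unconstrained on purpose).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)

# "Modifies firewall policy service": assumed location of the host firewall
# policy under the SharedAccess service; check against what your telemetry
# actually records before relying on it.
FIREWALL_POLICY_RE = re.compile(
    r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)

# Writes coming from these locations are what a dropped payload typically does.
SUSPICIOUS_IMAGE_RE = re.compile(r"\\(Temp|AppData|ProgramData)\\", re.I)


def classify(event):
    """Return the rule name an event trips, or None for registry events that
    match neither rule and for non-registry events."""
    if event.get("EventID") not in (12, 13):
        return None
    target = event.get("TargetObject", "")
    if RUN_KEY_RE.search(target):
        return "run_key_persistence"
    if FIREWALL_POLICY_RE.search(target):
        return "firewall_policy_tamper"
    return None


def detect(events):
    """Return (rule, severity, event) for every matching event. Severity is
    'high' when the writing image sits in a user-writable drop directory."""
    hits = []
    for ev in events:
        rule = classify(ev)
        if rule is None:
            continue
        suspicious = SUSPICIOUS_IMAGE_RE.search(ev.get("Image", ""))
        hits.append((rule, "high" if suspicious else "medium", ev))
    return hits


# Constructed sample events modelled on Sysmon registry events; they are not
# log lines from the sandbox run described in the report.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\update.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\update",
     "Details": r"C:\Users\victim\AppData\Roaming\update.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\update.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters"
                     r"\FirewallPolicy\StandardProfile\EnableFirewall",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    {"EventID": 1, "Image": r"C:\Windows\explorer.exe", "TargetObject": ""},
]

if __name__ == "__main__":
    for rule, severity, ev in detect(SAMPLE_EVENTS):
        print(f"{severity:6} {rule:24} {ev['Image']} -> {ev['TargetObject']}")
```

The third sample event shows why the image path matters: legitimate software also writes Run values, so the Run-key rule alone is noisy and the drop-location check is what separates the dropped payload from a system component. The SetThreadContext and "Executes dropped EXE" signatures need process or API telemetry rather than registry events and are not covered by these rules.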

MITRE ATT&CK Enterprise v15
