General

  • Target

    58f293ef4a1d2213005eec32651766604712834e812c0825cc67a019b634d28b

  • Size

    520KB

  • Sample

    250314-byxads1lz6

  • MD5

    6007da064c4c9a42eaed6a5903c44a27

  • SHA1

    6a4f95b3dad9c1be46c49877082b1c13b2475ef8

  • SHA256

    58f293ef4a1d2213005eec32651766604712834e812c0825cc67a019b634d28b

  • SHA512

    4bb2c36ae51f35666c252b0ed4025451ee4bb0eb40c01020bd52fde463b255b5ab66241f8aafda5ea38f9c86522697d8a4890b1ea6a37eb8a004d29eeb739bd0

  • SSDEEP

    12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXT:zW6ncoyqOp6IsTl/mXT

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
