General

  • Target

    7e4994551b3ac69cc98aa77b4d4ecd77af52eb83f29710d14f798a7b2d56308d

  • Size

    520KB

  • Sample

    250314-elca8svns6

  • MD5

    082b85e03c3153281a8e48d57811afb3

  • SHA1

    096811ca9650047e42f246fd4c6cb9ca8aac25a2

  • SHA256

    7e4994551b3ac69cc98aa77b4d4ecd77af52eb83f29710d14f798a7b2d56308d

  • SHA512

    7528c866d0d12fa9bfabfa39aa94ca2ec146a6fc4051526c96967b7c71b9faf3f1d1d05efc7832129321a2eeffa03f2a78f913dc1b0b5cbd2d8e1892b959efa4

  • SSDEEP

    12288:zW6n3sX4yCFr2ZemYOpSPIsGWeKZl4q7sioXd:zW6ncoyqOp6IsTl/mXd

Malware Config

Targets

    • Target

      7e4994551b3ac69cc98aa77b4d4ecd77af52eb83f29710d14f798a7b2d56308d

    • Blackshades

      Blackshades (sold commercially as Blackshades NET) is a Windows remote access trojan; the family is known for keylogging, webcam capture, file theft and using infected hosts for DDoS. The signatures below are only what this sandbox run observed, not the family's full capability list.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

      Windows Firewall policy is stored in the registry under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy; a RAT edits it to allow its own inbound connections or to disable a profile.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the sample only runs in (or avoids) particular countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Writes a value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) so the payload is launched again at every logon; this is the sample's persistence mechanism.

    • Suspicious use of SetThreadContext

      Setting the thread context of another process is the usual final step of process hollowing: a process is created suspended, its image is replaced with injected code, and its entry point is redirected before the thread is resumed.
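
    The "Executes dropped EXE" and "Adds Run key to start application" signatures above describe a chain (drop, execute, persist) that a host-based detection should correlate rather than alert on piecewise. The following is an added example written for this page; it is not part of the sandbox report or of the sandbox's own signature logic. It correlates constructed Sysmon-style events (FileCreate, ProcessCreate, RegistryEvent Value Set) into a single finding for a dropped executable that was also run and registered for autostart. The Run-key locations and Sysmon event IDs are real; the user name, drop path, value name and every event record are constructed for the example.

```python
"""Correlate the drop -> execute -> Run-key persistence chain from Sysmon-style
events. Added example for this report; all events below are constructed."""
import re
from typing import Dict, Iterable, List, Optional

# Well-known logon autostart keys (real locations). The trailing backslash
# keeps "\Run\" from also matching "\RunOnce\", which is listed separately.
RUN_KEYS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)

# Locations a non-elevated process can write to. A fresh EXE here that is then
# executed and registered for autostart is the chain the report's signatures
# describe; an installer writing under Program Files is deliberately excluded.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# Constructed Sysmon-style events reduced to the fields the correlation needs.
# Event IDs are Sysmon's: 11 = FileCreate, 1 = ProcessCreate, 13 = RegistryEvent
# (Value Set). User name, drop path and Run value name are assumptions.
TARGET = "C:\\Users\\victim\\Desktop\\" + "7e4994551b3ac69cc98aa77b4d4ecd77af52eb83f29710d14f798a7b2d56308d.exe"
DROPPED = "C:\\Users\\victim\\AppData\\Roaming\\WinUpdate\\winupd.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": TARGET, "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 11, "Image": TARGET, "TargetFilename": DROPPED},
    {"EventID": 1, "Image": DROPPED, "ParentImage": TARGET},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WinUpdate",
     "Details": '"' + DROPPED + '"'},
    # Benign noise: an MSI installer registering its updater from Program Files.
    {"EventID": 11, "Image": "C:\\Windows\\System32\\msiexec.exe",
     "TargetFilename": "C:\\Program Files\\Vendor\\updater.exe"},
    {"EventID": 13, "Image": "C:\\Windows\\System32\\msiexec.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorUpdater",
     "Details": "C:\\Program Files\\Vendor\\updater.exe /background"},
]


def norm(path: str) -> str:
    """Case-fold and strip quotes so paths from different event types compare equal."""
    return path.strip().strip('"').lower()


def in_user_writable(path: str) -> bool:
    return any(marker in norm(path) for marker in USER_WRITABLE_MARKERS)


def is_run_key(target_object: str) -> bool:
    return any(key in norm(target_object) for key in RUN_KEYS)


def image_from_run_value(details: str) -> Optional[str]:
    """Extract the executable from a Run value: either "quoted path" plus
    arguments, or a bare path (which may contain spaces) plus arguments."""
    d = details.strip()
    if d.startswith('"'):
        end = d.find('"', 1)
        return norm(d[1:end]) if end > 1 else None
    m = re.match(r"(.+?\.exe)(?:\s|$)", d, re.IGNORECASE)
    return norm(m.group(1)) if m else None


def correlate(events: Iterable[Dict]) -> List[Dict]:
    """Return one finding per dropped EXE that was also executed and/or persisted.
    A drop on its own is not reported: it is noisy and is not what the report shows."""
    dropped: Dict[str, str] = {}    # dropped exe -> process that wrote it
    executed = set()
    persisted: Dict[str, str] = {}  # dropped exe -> Run value that points at it
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            target = norm(ev["TargetFilename"])
            if target.endswith(".exe") and in_user_writable(target):
                dropped[target] = ev["Image"]
        elif eid == 1 and norm(ev["Image"]) in dropped:
            executed.add(norm(ev["Image"]))
        elif eid == 13 and is_run_key(ev["TargetObject"]):
            image = image_from_run_value(ev.get("Details", ""))
            if image in dropped:
                persisted[image] = ev["TargetObject"]
    findings = []
    for path, dropper in dropped.items():
        stages = {"dropped"}
        if path in executed:
            stages.add("executed")
        if path in persisted:
            stages.add("persisted")
        if len(stages) > 1:
            findings.append({"path": path, "dropper": dropper, "stages": stages,
                             "run_value": persisted.get(path)})
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_EVENTS):
        print(f"{f['path']}  dropped by {f['dropper']}  stages={sorted(f['stages'])}  run_value={f['run_value']}")
```

    Run against the constructed events, the correlator reports the winupd.exe chain with all three stages and stays silent on the installer, because Program Files is not a user-writable drop location. Sysmon only emits event 13 for registry paths its configuration includes, so the Run and RunOnce keys must be in the Sysmon config for the "persisted" stage to ever fire.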

MITRE ATT&CK Enterprise v15

Tasks