General

  • Target

    e07de0ae767f1f150d58d7ad9b6113e62787a2d891a12a05bc2ad4fc0379f7ea

  • Size

    405KB

  • Sample

    250315-mnd7ls1wfz

  • MD5

    79b80c98c70a9d86e2bb97b24855e357

  • SHA1

    606dfcb3e870f051839bd1570aefb463fd54e86d

  • SHA256

    e07de0ae767f1f150d58d7ad9b6113e62787a2d891a12a05bc2ad4fc0379f7ea

  • SHA512

    64988f9a88ad647df732eb102238617104675fd66dbf0af5897c2125e8a30a423750ac0dfeb3ff2b4df0d65f86717e428e2526c1b82624ae2ea3ad1cfa1063a2

  • SSDEEP

    6144:foYn9sE89XKTK/J6brj3nmHWrt63P5A9GJ6vbmF4ifKyjlKI4r3mzzrLVIo8ZJrx:ZsNDBIrCHWux6iFTJf4r2zPBv8Xi8xSY

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks