General
Target: kura.bin
Size: 5.4MB
Sample: 220710-qcmldsbefq
MD5: 267b0895407346eedf5a755a2fcea505
SHA1: 06acec975dfec0fa6447c429b1a3d8e5c6748ea2
SHA256: 69e5ba03fcf8c3400542066d8acb6c5738e31bb7057db124757accee742c9836
SHA512: 1c0ae6b81ffa3baba7bb25d6291177a1e235c40f7970e399f23e9f8361c28eaa6af4398e9f572ea1094e1cfe16ab659e198035e8478d2df6741be776c6f25a0b
Static task: static1
Behavioral task: behavioral1
Sample: kura.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: kura.bin
- Detect Blackmoon payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Sets DLL path for service in the registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger