General
Target: 167affb2b2d7cef7808cbf33560df5d32ade2c73ec2fdac8cd37221d9f3bf435
Size: 37KB
Sample: 221128-t9hv9ahh78
MD5: d652d64c99edd2c1b0a97e0128abf75c
SHA1: 16d53172333b8b964d55f898fe67dcf109dd71a8
SHA256: 167affb2b2d7cef7808cbf33560df5d32ade2c73ec2fdac8cd37221d9f3bf435
SHA512: b9c603e4d0817c82644f630d6ddabb659e817484437d55bdd9d28f49a465996680a9a0545666d56cb46efab90b142cbba7817c9df04fbeff921807b47b96678b
SSDEEP: 768:liFz0DRrAJ42J9I/xSZOub7/jdWHRdxnsm474W0HMeAi6bO3it2:w1H9Gx8OubfdWHRrstOVAipiY
Behavioral task: behavioral1
Sample: 167affb2b2d7cef7808cbf33560df5d32ade2c73ec2fdac8cd37221d9f3bf435.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 167affb2b2d7cef7808cbf33560df5d32ade2c73ec2fdac8cd37221d9f3bf435.exe
Resource: win10v2004-20220901-en
Malware Config
Targets
Target: 167affb2b2d7cef7808cbf33560df5d32ade2c73ec2fdac8cd37221d9f3bf435
Score: 10/10
Detect Blackmoon payload
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory