General

  • Target

    开票凭证.exe_

  • Size

    1.3MB

  • Sample

    221207-c6s4dabd3x

  • MD5

    1c60e7207e61db844a6370cf1b622df0

  • SHA1

    449073517012b23429415e7c3c5c612c110c2e2e

  • SHA256

    a88e5a2f31e79c432851db48a9124a1314c0abd99ffa25594c1fbbd9bb0fc7eb

  • SHA512

    709786d275fc5d05dc6853fe897b6903a441441a1929bbe67181344117a8bdec5b705bbcac9b39ff2258761c935b7fcd4f485c4885fa4fd4a251d36a538f5b39

  • SSDEEP

    12288:8b+u1K85aSELSNGbJKwAVzu18UaxIMY9TV5nI/Foi+L7vtf3on:xu2SXNGbswABu6UDTV5n2Fw7vtf3on

Malware Config

Targets

    • Target

      开票凭证.exe_

    • Size

      1.3MB

    • MD5

      1c60e7207e61db844a6370cf1b622df0

    • SHA1

      449073517012b23429415e7c3c5c612c110c2e2e

    • SHA256

      a88e5a2f31e79c432851db48a9124a1314c0abd99ffa25594c1fbbd9bb0fc7eb

    • SHA512

      709786d275fc5d05dc6853fe897b6903a441441a1929bbe67181344117a8bdec5b705bbcac9b39ff2258761c935b7fcd4f485c4885fa4fd4a251d36a538f5b39

    • SSDEEP

      12288:8b+u1K85aSELSNGbJKwAVzu18UaxIMY9TV5nI/Foi+L7vtf3on:xu2SXNGbswABu6UDTV5n2Fw7vtf3on

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks