General
-
Target
0742e1fa7a28f6e01b762d6bea8cdcd69f7df76e3c9b7cbee2f0ec597df96537
-
Size
79KB
-
Sample
230221-jt7vbsea86
-
MD5
125dcf998b3001997c02c5fe3f046160
-
SHA1
cb533b20cbf7cc196e0f52a3ba05a8b51b0bde14
-
SHA256
0742e1fa7a28f6e01b762d6bea8cdcd69f7df76e3c9b7cbee2f0ec597df96537
-
SHA512
bcf4237327d259a2e788fd2b6c8a71713c7397a96e09199fd0214ecd60826e490bb67920d3189c671f09c6a6bf91297396f1b36317b1298831ef504bfeac79f3
-
SSDEEP
1536:2CTjSdlEGKu/2OnbhTuuNfX9VrAu6niNDK5BvrXFGh2iIiWAh:2CTmrk9OnlCuNfbrL6iNDK5hXFQTI+
Behavioral task
behavioral1
Sample
0742e1fa7a28f6e01b762d6bea8cdcd69f7df76e3c9b7cbee2f0ec597df96537.exe
Resource
win7-20230220-en
Malware Config
Targets
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-