General
-
Target
bfb8286490735f777b64ccdf4fa211e53b2ceb7a8d6cd1929760c211c58b972f
-
Size
355KB
-
Sample
230223-cr6qxsgc9x
-
MD5
8ede2c513718db9aff6af9e587b24410
-
SHA1
e32bcf8d62241a66ba3f748af0b505547b16de8c
-
SHA256
bfb8286490735f777b64ccdf4fa211e53b2ceb7a8d6cd1929760c211c58b972f
-
SHA512
d2bdf4ffe8ca3905f08da6a88d0289c9a3699ccb78a6aa03b294aac413fe340ee773946896e27a333867636d4974828ef62455b41fcbdd926ee0459304a04961
-
SSDEEP
6144:mhb8VSeoQZP0MPkUonj5tQHTFdkelDnUEA6Fyz1+KqW40D1Kp4StY6Vw7uX:2IweoQR0MPktjsHUZeWD0Z7VQ
Malware Config
Targets
-
-
Target
bfb8286490735f777b64ccdf4fa211e53b2ceb7a8d6cd1929760c211c58b972f
-
Size
355KB
-
MD5
8ede2c513718db9aff6af9e587b24410
-
SHA1
e32bcf8d62241a66ba3f748af0b505547b16de8c
-
SHA256
bfb8286490735f777b64ccdf4fa211e53b2ceb7a8d6cd1929760c211c58b972f
-
SHA512
d2bdf4ffe8ca3905f08da6a88d0289c9a3699ccb78a6aa03b294aac413fe340ee773946896e27a333867636d4974828ef62455b41fcbdd926ee0459304a04961
-
SSDEEP
6144:mhb8VSeoQZP0MPkUonj5tQHTFdkelDnUEA6Fyz1+KqW40D1Kp4StY6Vw7uX:2IweoQR0MPktjsHUZeWD0Z7VQ
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-