General
-
Target
96eb5b54c20c274606619e2cdfb80d9e2e787b4ed35f1ba65bfde13670e19e82
-
Size
95KB
-
Sample
230224-zkmqssaf3w
-
MD5
a675308ff8839aaa8dae0e6fa814f4d9
-
SHA1
aee241ca2c27908045a817e7816b6137d65d9a84
-
SHA256
96eb5b54c20c274606619e2cdfb80d9e2e787b4ed35f1ba65bfde13670e19e82
-
SHA512
6dc636f22950e3984a0ff7c739abab46c78669a4b4b78768cff717f0d552b75530672a3ef545d7e975537f17ecf9f57b429aef3dda85dbce25cf9560f2c81b21
-
SSDEEP
1536:F9YbOxBPcXIbOEpcak1RbAHKPHYx7n8U/xdqh/Hvzb2Vp7aUZp7wy0NKFPW3e:Zxc6OEpgAHKE7n8U/xYhvbb2Vp7aUj7+
Behavioral task
behavioral1
Sample
96eb5b54c20c274606619e2cdfb80d9e2e787b4ed35f1ba65bfde13670e19e82.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
96eb5b54c20c274606619e2cdfb80d9e2e787b4ed35f1ba65bfde13670e19e82
-
Size
95KB
-
MD5
a675308ff8839aaa8dae0e6fa814f4d9
-
SHA1
aee241ca2c27908045a817e7816b6137d65d9a84
-
SHA256
96eb5b54c20c274606619e2cdfb80d9e2e787b4ed35f1ba65bfde13670e19e82
-
SHA512
6dc636f22950e3984a0ff7c739abab46c78669a4b4b78768cff717f0d552b75530672a3ef545d7e975537f17ecf9f57b429aef3dda85dbce25cf9560f2c81b21
-
SSDEEP
1536:F9YbOxBPcXIbOEpcak1RbAHKPHYx7n8U/xdqh/Hvzb2Vp7aUZp7wy0NKFPW3e:Zxc6OEpgAHKE7n8U/xYhvbb2Vp7aUj7+
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-