General
-
Target
4f4b997c17d380132ce9437a371cabb2ddcb8d8a637cd470765a049eb26de6cf
-
Size
76KB
-
Sample
230224-zqq1eaah35
-
MD5
428222d6663806be3d23d7a8ee6fe8ee
-
SHA1
a76991906614dc0c327012a27502e0bd9fd56fc3
-
SHA256
4f4b997c17d380132ce9437a371cabb2ddcb8d8a637cd470765a049eb26de6cf
-
SHA512
45d9ec0fdb7274107d15f01b263eff9550cd68da6af383455a5910e658781223014b2646df5894d17175f61fdfe8acac389b445f0f48609fbbe2a9be13863395
-
SSDEEP
1536:+DQUJYmsvQHy/qisuJKYW9m/Fg/Xeh32IdzZAfro9g0JHkWo2N6:BoYb4SZKYUYFk63hzZKUC1WoK
Malware Config
Targets
-
-
Target
4f4b997c17d380132ce9437a371cabb2ddcb8d8a637cd470765a049eb26de6cf
-
Size
76KB
-
MD5
428222d6663806be3d23d7a8ee6fe8ee
-
SHA1
a76991906614dc0c327012a27502e0bd9fd56fc3
-
SHA256
4f4b997c17d380132ce9437a371cabb2ddcb8d8a637cd470765a049eb26de6cf
-
SHA512
45d9ec0fdb7274107d15f01b263eff9550cd68da6af383455a5910e658781223014b2646df5894d17175f61fdfe8acac389b445f0f48609fbbe2a9be13863395
-
SSDEEP
1536:+DQUJYmsvQHy/qisuJKYW9m/Fg/Xeh32IdzZAfro9g0JHkWo2N6:BoYb4SZKYUYFk63hzZKUC1WoK
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-