General
-
Target
af831bff9f27dca7c2595819bd77f4b0cdbd477ae0482d7e80517f8e6364086b
-
Size
422KB
-
Sample
230314-evkc7sfd2y
-
MD5
749e55e9bf42bac10f00077e595fae36
-
SHA1
006f4dc6c68f57dde5f658df051f36e66d3ad33b
-
SHA256
af831bff9f27dca7c2595819bd77f4b0cdbd477ae0482d7e80517f8e6364086b
-
SHA512
5772a0cde2c36ac97fc668d9d3e0612df693c202ccf20cd9c5680052236fe399f1bb8f9789328cee8f2d0b95969bbe2ad2b38b3f3dbbf208f54928a76cdb8adf
-
SSDEEP
6144:qybCfaIxuvoVaLnHSG2ST97S4D3uRKFE6/47HJeauZ34XBDB:yxuSoSG2wFS4D3xEi4bJFf
Static task
static1
Behavioral task
behavioral1
Sample
af831bff9f27dca7c2595819bd77f4b0cdbd477ae0482d7e80517f8e6364086b.exe
Resource
win7-20230220-en
Malware Config
Targets
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-