General

  • Target

    6618187617678646e77d4e9859138a73ec33623b4728ba7a5de408c51e4315ff

  • Size

    421KB

  • Sample

    230316-mdn9tsad45

  • MD5

    6ad7891db85a7aaed99fb139e9bb862d

  • SHA1

    a75afe48d74d8e6288415823ee1900347e8bfbeb

  • SHA256

    6618187617678646e77d4e9859138a73ec33623b4728ba7a5de408c51e4315ff

  • SHA512

    213578deef3808a9e9a58d21aa63189a586829b51da41dcc68625c2dc6861ec7f647d7bd9d8e2f589be18c3cd9e44b9802126ba3af814b9cd57751ca51c7d39f

  • SSDEEP

    6144:uIqVIVeUNiZk4zXX3thxTJ0yy4rlwWvKFwPzcdN72/tUTSiZ29Go/wncTN:9qVIkUNiZfHH9O/wz42FE292nm

Malware Config

Targets

    • Target

      6618187617678646e77d4e9859138a73ec33623b4728ba7a5de408c51e4315ff

    • Size

      421KB

    • MD5

      6ad7891db85a7aaed99fb139e9bb862d

    • SHA1

      a75afe48d74d8e6288415823ee1900347e8bfbeb

    • SHA256

      6618187617678646e77d4e9859138a73ec33623b4728ba7a5de408c51e4315ff

    • SHA512

      213578deef3808a9e9a58d21aa63189a586829b51da41dcc68625c2dc6861ec7f647d7bd9d8e2f589be18c3cd9e44b9802126ba3af814b9cd57751ca51c7d39f

    • SSDEEP

      6144:uIqVIVeUNiZk4zXX3thxTJ0yy4rlwWvKFwPzcdN72/tUTSiZ29Go/wncTN:9qVIkUNiZfHH9O/wz42FE292nm

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks