General
-
Target
123.zip
-
Size
534KB
-
Sample
230331-fy8qmsaa8t
-
MD5
3d514fc394bdb247165fdd6022990e0d
-
SHA1
5d4a91ad08a9475d2b8a2700b29fe2b84f94762d
-
SHA256
fc2da18b286a09577e87876c4f789590f3bca1d9a5e2477f77542a094e3d9b4a
-
SHA512
61f3a55241ecfbd7e5df4a4c72776e3d81f1cb95ac1cef8f6a10ec3c998d6eb1f1763aa0f1df0fd632ec8fcfd5bb10bfee7f03b0aa51127788d57eff2b90e498
-
SSDEEP
12288:Vk1meFvHN6Uzt4ejjEUusD29HW9zmN/QcyQghQbBdB:VgpQ6DUYDroIcKabBz
Malware Config
Targets
-
-
Target
27163309.exe
-
Size
964KB
-
MD5
6808aea60d1be28a1d7e24570a03b206
-
SHA1
5f7485e994a024e0bb13ef9c5dc316bd2f55d06e
-
SHA256
c9a4baae5adc1ce17e2c27a7aa04a9880cbc7ea0f347a3450edabca7f2494721
-
SHA512
ec65184c184f74d834ce54be5981f59abbf0656755db72e18fa20bd15b003d163ab36fa09f22bbb97836c33ba7f990d5a1f7afaf032d7f85f391c0bb746c5f84
-
SSDEEP
24576:PnsJ39LyjbJkQFMhmC+6GD91ztJFimsiPo:PnsHyjtk2MYC5GD3zzFzHQ
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-