General
Target: 10091288142.zip
Size: 3.7MB
Sample: 230414-zj71cabg72
MD5: f49e692b1c0f3ad4404c12d64133b00d
SHA1: 675253411af6bd119866c4aba7e092ae05292d80
SHA256: 2c310264f618891a79f8ced977a2398f87f1030d4852b3e176878b4b31cf9d6b
SHA512: e3ab72fb598d2d425a23bcc84a4ea69f960c8c9148a8ccbb84e8f9cd8308df18fecd7eaf6b3dd076d914e7a103652b4cf6e2beb4f2b03b1450098f2a1894b4b5
SSDEEP: 98304:VdWprg/pmZeNCzT3fMYRc3zoZRHvDoyicY4:VCs/pm8yT3fpRc38/oyicY4
Malware Config

Targets
Target: ce9dcd1d760fdb5a9f5d0166a03d21acac1890b7db87f1f8f07e9db83e2eacaa
Size: 6.9MB
MD5: 3de8b7d91dbf9a81b81327bd4b5163e9
SHA1: 422e3d7ecf94f38304718ef30c84cf6ea6ee23e0
SHA256: ce9dcd1d760fdb5a9f5d0166a03d21acac1890b7db87f1f8f07e9db83e2eacaa
SHA512: 30aedf3573f0d0e0274d54b8f99e5b0df3a95d9854d425901c7d87d46f5bb59558b523ed859ab908c3a35e6f65a2a749ebb506a8a679e68b0c0fba1db805c084
SSDEEP: 98304:+F0CJ9DlZB9GzQ8JBAUZLw5lNBNcwJJBAUZLWM:W5kJV6DJV

- Detect Blackmoon payload
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext