General
-
Target
73f441ee6b8599e6015342a826f789793038682cf7f3d48a444d1ab01a534f2c
-
Size
852KB
-
Sample
230522-s9wlnshd52
-
MD5
ae73d7ca07d27677da8239afb45adaa4
-
SHA1
3cbe681fb0d533fbbcc52b49acd6a70632b463de
-
SHA256
73f441ee6b8599e6015342a826f789793038682cf7f3d48a444d1ab01a534f2c
-
SHA512
d05178779096ccbee0d851e4e735b541c8d43ad24712beb29767133b907b760540a75bf208a3a5e7c3a7f3fdf85b5c891d16a68fe40fb5678bcdd58099e20019
-
SSDEEP
24576:OAdhOMtjg24rUcyu5VPVHRTDe8wjP47uk:OAdh922vu5V1Ra8wjA7u
Static task
static1
Behavioral task
behavioral1
Sample
73f441ee6b8599e6015342a826f789793038682cf7f3d48a444d1ab01a534f2c.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
73f441ee6b8599e6015342a826f789793038682cf7f3d48a444d1ab01a534f2c
-
Size
852KB
-
MD5
ae73d7ca07d27677da8239afb45adaa4
-
SHA1
3cbe681fb0d533fbbcc52b49acd6a70632b463de
-
SHA256
73f441ee6b8599e6015342a826f789793038682cf7f3d48a444d1ab01a534f2c
-
SHA512
d05178779096ccbee0d851e4e735b541c8d43ad24712beb29767133b907b760540a75bf208a3a5e7c3a7f3fdf85b5c891d16a68fe40fb5678bcdd58099e20019
-
SSDEEP
24576:OAdhOMtjg24rUcyu5VPVHRTDe8wjP47uk:OAdh922vu5V1Ra8wjA7u
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-