General
-
Target
035bd15c1fcd06401b17159bee410606e2792e06e17d8bafb3b6fe6590bdc0e4
-
Size
475KB
-
Sample
230523-xyjj7agh42
-
MD5
26e28b0d5e50624d2597ae65cdd41dd5
-
SHA1
22df9e9c2b453f5126d01058fdd2c063c7ca6e8c
-
SHA256
035bd15c1fcd06401b17159bee410606e2792e06e17d8bafb3b6fe6590bdc0e4
-
SHA512
319c6b6f02b3ac23e8c8432d05c8f11c28fd4d29c4b9fba10e50ec9fa48c8f13b823aa6035ad21afd7ab04d99d217931b5cec8c2c925094f22631cd6fe57c9f6
-
SSDEEP
12288:Td4feexfPFg3nyXkeiv7LDe5tBJ/fsdSUHCrp9VX:9EOXUkegvDeTj0dSUH2p9VX
Static task
static1
Behavioral task
behavioral1
Sample
035bd15c1fcd06401b17159bee410606e2792e06e17d8bafb3b6fe6590bdc0e4.exe
Resource
win7-20230220-en
Malware Config
Targets
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-