General
- Target: 514e0cd471b6e2065a13931a2f75c586d419b1d68f32d4ea16309eed28e608f5 (1).7z
- Size: 372KB
- Sample: 230526-czjlcsea9z
- MD5: a4490380a997c36479dc0ae6cd4d4b41
- SHA1: 453f8feb0c504219d2e28b7887e4b78575b8a046
- SHA256: c0b78a59daf60b8dbd191a3c6b6ef6b6e64a365c447daffca3cb5a3779afe00d
- SHA512: 77b91baf8b6e6835850528094e245a7805f98cba77e4c14bf8a38cc699fdb74ffeca7e87afb106747bfc73f9c49adbfead6b786f815badfdfbc595f9c43a879e
- SSDEEP: 6144:k3Y/lKmtXPL0iDHmnscPGkuhGnY944jdrH/sqdQjuD2nUMV8AtuSnAWaCtN51Sqd:k3Y9XPLP7mnvPGkwlxjlH/pdQjaK8AtZ
Static task: static1
Behavioral task: behavioral1
Sample: 514e0cd471b6e2065a13931a2f75c586d419b1d68f32d4ea16309eed28e608f5 (1)/514e0cd471b6e2065a13931a2f75c58.exe
Resource: win7-20230220-en
Malware Config
Targets
- Target: 514e0cd471b6e2065a13931a2f75c586d419b1d68f32d4ea16309eed28e608f5 (1)/514e0cd471b6e2065a13931a2f75c586d419b1d68f32d4ea16309eed28e608f5
- Size: 844KB
- MD5: 07979781449b4a4de757c980a2368412
- SHA1: 811fe4940f1eac767a5912922b4b3001b0dfb2f9
- SHA256: 514e0cd471b6e2065a13931a2f75c586d419b1d68f32d4ea16309eed28e608f5
- SHA512: 4cb87e513e2d9ebf9be7aaf22dda491c55670b9861a10ea4011b5133ed4d1901dd573890d3696816ed89aec4cecf906b13b69a95ee0e36701498f8a5710606c7
- SSDEEP: 12288:bRZ5tsO2zUoq8qRgAH3yaCFoGvDoy2iAnRItlu4k7kO:bRZ5tsO2wohqqAXTCURmlO
- Detect Blackmoon payload
- Gh0st RAT payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.