General
-
Target
7463b9c1af2f5fcd58af73174578bf975096d57a02c4fa540c6c0c7036b76661
-
Size
366KB
-
Sample
230530-hgk95aga9x
-
MD5
c3d2911ec7e52a444fc50625fde68a9c
-
SHA1
599d28354e5457b72b890c3ac8019c290afba12b
-
SHA256
7463b9c1af2f5fcd58af73174578bf975096d57a02c4fa540c6c0c7036b76661
-
SHA512
10edc49de929d91953541a3c645f3394b2af8c2b297f8bbf125fa32239f64b9f0c0f2341e203ae77d214b0c72e4abc05bce1375ff979c56fc6df50a85b36d70c
-
SSDEEP
6144:GrBOB+uGxcgrA36+XTs/3QWMGQym+EI7gTJ6VzXPCXpMzshxbuzKJgvuwsCqVwye:G3zrA9s/3QWiymWgV6VLRSwKAuwqwypI
Malware Config
Targets
-
-
Target
7463b9c1af2f5fcd58af73174578bf975096d57a02c4fa540c6c0c7036b76661
-
Size
366KB
-
MD5
c3d2911ec7e52a444fc50625fde68a9c
-
SHA1
599d28354e5457b72b890c3ac8019c290afba12b
-
SHA256
7463b9c1af2f5fcd58af73174578bf975096d57a02c4fa540c6c0c7036b76661
-
SHA512
10edc49de929d91953541a3c645f3394b2af8c2b297f8bbf125fa32239f64b9f0c0f2341e203ae77d214b0c72e4abc05bce1375ff979c56fc6df50a85b36d70c
-
SSDEEP
6144:GrBOB+uGxcgrA36+XTs/3QWMGQym+EI7gTJ6VzXPCXpMzshxbuzKJgvuwsCqVwye:G3zrA9s/3QWiymWgV6VLRSwKAuwqwypI
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-