General
Target: ab2a6b6b702f08f2a0050046baf0e922706f3a852efa45c30f67563b4261a668
Size: 784KB
Sample: 230531-fdhzgsdc2x
MD5: 89ccfc812eba006576d189948377e487
SHA1: a8eff5e4c81b71423d9b19b6dcb6f1cbe5a05a97
SHA256: ab2a6b6b702f08f2a0050046baf0e922706f3a852efa45c30f67563b4261a668
SHA512: e630c9980e82907e960ff9de6c2cb75cd649933297ad219979d7110aa3c2a8af6794ee189b0f5984311fbfe3ecc12c4c57c3c8328742ef015094f88f303b73bd
SSDEEP: 12288:61jYS8aludL81AOxq/mTUSRwiiNtcEHEQp5bB3t3PeH1zdaXU3:6FYS8Wudw1AqoBvNDzNVByJaXg
Behavioral task
behavioral1
Sample: ab2a6b6b702f08f2a0050046baf0e922706f3a852efa45c30f67563b4261a668.exe
Resource: win7-20230220-en
Malware Config
Targets
Target: ab2a6b6b702f08f2a0050046baf0e922706f3a852efa45c30f67563b4261a668
- Detect Blackmoon payload
- Gh0st RAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.