General
-
Target
f17a32f959519edf781370c452c995e99c3c1b67049204a0ff010a377d3a0c5c
-
Size
359KB
-
Sample
230602-ywjylsec29
-
MD5
38c7439ad0a854c40af9f60532a5d082
-
SHA1
46119a9614ceb26cb9259365367918adfe1171c4
-
SHA256
f17a32f959519edf781370c452c995e99c3c1b67049204a0ff010a377d3a0c5c
-
SHA512
347241e51f442ccf4d74b79c192d401a928e20c557a4b51981d0d95c3e07be62e6fdb71746bd995b7d28c309f5c0eaf8f2cee6304c8423f5ad6f5ad9c4861e31
-
SSDEEP
6144:niF5O8bZk/FwD82Hdmg0Vy7uN5CVXrioW4YEBRVtat/l5r:no5D9k/+/iv2FYEzVtaD5r
Static task
static1
Behavioral task
behavioral1
Sample
f17a32f959519edf781370c452c995e99c3c1b67049204a0ff010a377d3a0c5c.exe
Resource
win7-20230220-en
Malware Config
Targets
Detect Blackmoon payload
-
Gh0st RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-