General

  • Target

    ee5f43c81127af7c55cf94599ae17777fbc7a7bb7d059b830349e2b9c275f642

  • Size

    514KB

  • Sample

    230602-yy9xtaeg3w

  • MD5

    b13392a05917316585959b7d166a3732

  • SHA1

    0f969fd094615d20e51f11aa1a65e4301d365948

  • SHA256

    ee5f43c81127af7c55cf94599ae17777fbc7a7bb7d059b830349e2b9c275f642

  • SHA512

    2895df0ad78785dc8a51da8b1c87e6299b2eff1a0c26a982fcb0fe8f556b536305361ab3a7c1944665a19345145a9276f25c4bc7e0e826a2633b52b435da1ad8

  • SSDEEP

    12288:kv5JI23GIqqfOec2Y00I0mBW8En+eVp9TgLNAi:kw2Xqqmec2YIDq+eVneAi

Malware Config

Targets

    • Target

      ee5f43c81127af7c55cf94599ae17777fbc7a7bb7d059b830349e2b9c275f642

    • Size

      514KB

    • MD5

      b13392a05917316585959b7d166a3732

    • SHA1

      0f969fd094615d20e51f11aa1a65e4301d365948

    • SHA256

      ee5f43c81127af7c55cf94599ae17777fbc7a7bb7d059b830349e2b9c275f642

    • SHA512

      2895df0ad78785dc8a51da8b1c87e6299b2eff1a0c26a982fcb0fe8f556b536305361ab3a7c1944665a19345145a9276f25c4bc7e0e826a2633b52b435da1ad8

    • SSDEEP

      12288:kv5JI23GIqqfOec2Y00I0mBW8En+eVp9TgLNAi:kw2Xqqmec2YIDq+eVneAi

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion

  • Modify Registry (T1112): 2

  • Install Root Certificate (T1130): 1

Discovery

  • Query Registry (T1012): 3

  • System Information Discovery (T1082): 4

  • Peripheral Device Discovery (T1120): 1

Tasks