General

  • Target

    a95737adb2cd7b1af2291d143200a82d8d32a868c64fb4acc542608f56a0aeda

  • Size

    146KB

  • Sample

    230614-kn5nfsfc51

  • MD5

    0558b31bd9e3e8233ca74837754882d7

  • SHA1

    a4bcad094372c9348bce850034a028460d19b0a6

  • SHA256

    a95737adb2cd7b1af2291d143200a82d8d32a868c64fb4acc542608f56a0aeda

  • SHA512

    4e8cb6bcd0b74b5508ee211fb2d7796fc5177d3b10fdc3283614ae872bd4cfa32d80648e35c79b2b2b3fa867eadcce4e706301f6e716e46fddefca08eeb1fb04

  • SSDEEP

    3072:GB1Q3LeTWmL359vd0OmS7ok57ORL2G4kOqOcPxab/gp2pFuuxE6l/:E1WeTWmLp9vd0Om6B57ORaG4Rqh51p2q

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Registers new Print Monitor

    • Deletes itself

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion

  • Modify Registry (T1112): 1

Tasks