General
-
Target
a95737adb2cd7b1af2291d143200a82d8d32a868c64fb4acc542608f56a0aeda.exe
-
Size
146KB
-
Sample
230614-kq2dtafc8w
-
MD5
0558b31bd9e3e8233ca74837754882d7
-
SHA1
a4bcad094372c9348bce850034a028460d19b0a6
-
SHA256
a95737adb2cd7b1af2291d143200a82d8d32a868c64fb4acc542608f56a0aeda
-
SHA512
4e8cb6bcd0b74b5508ee211fb2d7796fc5177d3b10fdc3283614ae872bd4cfa32d80648e35c79b2b2b3fa867eadcce4e706301f6e716e46fddefca08eeb1fb04
-
SSDEEP
3072:GB1Q3LeTWmL359vd0OmS7ok57ORL2G4kOqOcPxab/gp2pFuuxE6l/:E1WeTWmLp9vd0Om6B57ORaG4Rqh51p2q
Malware Config
Targets
-
-
Target
a95737adb2cd7b1af2291d143200a82d8d32a868c64fb4acc542608f56a0aeda.exe
-
Size
146KB
-
MD5
0558b31bd9e3e8233ca74837754882d7
-
SHA1
a4bcad094372c9348bce850034a028460d19b0a6
-
SHA256
a95737adb2cd7b1af2291d143200a82d8d32a868c64fb4acc542608f56a0aeda
-
SHA512
4e8cb6bcd0b74b5508ee211fb2d7796fc5177d3b10fdc3283614ae872bd4cfa32d80648e35c79b2b2b3fa867eadcce4e706301f6e716e46fddefca08eeb1fb04
-
SSDEEP
3072:GB1Q3LeTWmL359vd0OmS7ok57ORL2G4kOqOcPxab/gp2pFuuxE6l/:E1WeTWmLp9vd0Om6B57ORaG4Rqh51p2q
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Registers new Print Monitor
-
Deletes itself
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Drops file in System32 directory
-