General
Target: 1d381bb52634f826.exe
Size: 285KB
Sample: 230616-kbqzjadh79
MD5: e72c60640dbe31fce8b08d8190282763
SHA1: 476fd543dbb50cd60ea189369cc5014c1b7811d4
SHA256: 0582b53407ec1509be024523fc82ac8a1d528bd670e931542f81dea17e347bc4
SHA512: 19a40c4ff023a8109bb9b9c5cadd3e5a1b257ecab5c53fe7bb07520f8e8984d6128bad68863b54a23cf1982a2b6e0ae7fedc8375fab4033a7eaf4436f0ee6b92
SSDEEP: 6144:LMYVjTqJ0dIS8l2I9FIs5oGHs+xgjhK2BV+L0CNCWiZnDoS:LMYpqMIfTKd+xYBAL0CALDoS
Malware Config

Targets
Target: 1d381bb52634f826.exe
- Detect Blackmoon payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext