General

  • Target

    73f26b38368473a7e56582cba90c0426adfffe7f5a187fdddfca35f96e6150ea

  • Size

    1.9MB

  • Sample

    230630-yrt8saff3x

  • MD5

    155ee7ec57a139a0b761f17ea03e9963

  • SHA1

    d06e28649230663f10cf802707d0652b2ab31aee

  • SHA256

    73f26b38368473a7e56582cba90c0426adfffe7f5a187fdddfca35f96e6150ea

  • SHA512

    2e2fdacf3926c32ff05c6b0138a915e8206f88b20a6347062e8fde3ec17c117a7fbd24af126d5fe2d34feb636f9732101ecdf1f8b2f4d3e28c241b1a2d7d66ba

  • SSDEEP

    49152:3zw+vjUmjI1U9K1q3uoX8LVFSe3E4zANDCp1:3zw+vwYYn0YRYwANDCp1

Malware Config

Targets

    • Target

      73f26b38368473a7e56582cba90c0426adfffe7f5a187fdddfca35f96e6150ea

    • Size

      1.9MB

    • MD5

      155ee7ec57a139a0b761f17ea03e9963

    • SHA1

      d06e28649230663f10cf802707d0652b2ab31aee

    • SHA256

      73f26b38368473a7e56582cba90c0426adfffe7f5a187fdddfca35f96e6150ea

    • SHA512

      2e2fdacf3926c32ff05c6b0138a915e8206f88b20a6347062e8fde3ec17c117a7fbd24af126d5fe2d34feb636f9732101ecdf1f8b2f4d3e28c241b1a2d7d66ba

    • SSDEEP

      49152:3zw+vjUmjI1U9K1q3uoX8LVFSe3E4zANDCp1:3zw+vwYYn0YRYwANDCp1

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks