General

Target: oreki.exe
Size: 673KB
Sample: 230702-fld1habg7w
MD5: 2284c315e2528e666ade79b75a0371cd
SHA1: 47e5af85d7ee5f3742837fbfe7f088f954e4ccac
SHA256: ec36faf4a4d8329b10ac75b3b6c815cd041c62918eb1c9efb7adeea8e88e8744
SHA512: cc0b76f20e36fe8425742715f87a0364c371ca6b4557ad754a9b802cbaa556f59fa8d3adabdba0081f8ae64cdfe402104fa56822c5e76d06517c58fce28426a0
SSDEEP: 12288:w4cVWcj9yXy13MiG6UvbZ61pccDFT0iqgsI8em8O+1qI:w4apyCOZuCc9LHm8O+
Behavioral task: behavioral1
Sample: oreki.exe
Resource: win7-20230621-en

Malware Config

Targets
Target: oreki.exe
Size: 673KB
- Detect Blackmoon payload
- Modifies RDP port number used by Windows
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger