General
-
Target
e40ff54703afb18f3a669049439eb708fac0fd7659d28567da4bb274afea8ae4
-
Size
1.2MB
-
Sample
230816-kd71tsah51
-
MD5
70fb449a2328bf730386a35399469ea3
-
SHA1
9367f755673089bf266a0f8826296c9c777ed3e8
-
SHA256
e40ff54703afb18f3a669049439eb708fac0fd7659d28567da4bb274afea8ae4
-
SHA512
ffb0d300f2d08999cf38faaf41f417acf2da086b771357745bd06fb6aeed37b0ed5d5325dde7db83b7cc938b5ff24cb439b51e4a63ccd6fb5dbf61b406ab5c42
-
SSDEEP
24576:k4lk9PBdkvKZu0PKNMiGRuOLz98/cZan4D/ZtQ7tNg9hVu72YH6:WdkvKZANMimuC8/cZcKZ8tKHVu77H6
Malware Config
Targets
-
-
Target
e40ff54703afb18f3a669049439eb708fac0fd7659d28567da4bb274afea8ae4
-
Size
1.2MB
-
MD5
70fb449a2328bf730386a35399469ea3
-
SHA1
9367f755673089bf266a0f8826296c9c777ed3e8
-
SHA256
e40ff54703afb18f3a669049439eb708fac0fd7659d28567da4bb274afea8ae4
-
SHA512
ffb0d300f2d08999cf38faaf41f417acf2da086b771357745bd06fb6aeed37b0ed5d5325dde7db83b7cc938b5ff24cb439b51e4a63ccd6fb5dbf61b406ab5c42
-
SSDEEP
24576:k4lk9PBdkvKZu0PKNMiGRuOLz98/cZan4D/ZtQ7tNg9hVu72YH6:WdkvKZANMimuC8/cZcKZ8tKHVu77H6
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-