General
-
Target
tglegeyisx.msi
-
Size
68.5MB
-
Sample
231021-qv3qbseh3z
-
MD5
7fcdf7fefd44f5ff6b2fb8f7321126ee
-
SHA1
7006e152de007233ffec79d36ca5d28f97bd782f
-
SHA256
fa25b21a26a3948029b35d40220086eae0ad051868ec3eaed126cf83dd94c295
-
SHA512
551feb0ff933d1281ce084a39d8eb99fda3b354f9bfe2a349a314fba4699d11f187d49743c9d75ea6d3191312d54cd00684fd16948b6120b12f511baff337a7b
-
SSDEEP
1572864:6fOXkTzXMNT5ifOwnIZvUtLm7sJYQFjZUF:W5zcifO7WtLmYY2jZUF
Malware Config
Targets
-
-
Target
tglegeyisx.msi
-
Size
68.5MB
-
MD5
7fcdf7fefd44f5ff6b2fb8f7321126ee
-
SHA1
7006e152de007233ffec79d36ca5d28f97bd782f
-
SHA256
fa25b21a26a3948029b35d40220086eae0ad051868ec3eaed126cf83dd94c295
-
SHA512
551feb0ff933d1281ce084a39d8eb99fda3b354f9bfe2a349a314fba4699d11f187d49743c9d75ea6d3191312d54cd00684fd16948b6120b12f511baff337a7b
-
SSDEEP
1572864:6fOXkTzXMNT5ifOwnIZvUtLm7sJYQFjZUF:W5zcifO7WtLmYY2jZUF
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
UAC bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
1