General
-
Target
f41127478f06c7ae7678e61ca05988789cbb78beb04d105cb5ddfc441d9aa630
-
Size
343KB
-
Sample
231121-l2x17sed6v
-
MD5
2ec3a66a0590ce7cfc2ef71e71635860
-
SHA1
062db91c2fcd8d0d7e44bf25e168bd0c0b0ff949
-
SHA256
f41127478f06c7ae7678e61ca05988789cbb78beb04d105cb5ddfc441d9aa630
-
SHA512
b0db83935fc32d4aac973225ee15f059c0c23d1cc2be8f32d6cb5689c216c8d0af64f7b62f7029dc3ec8dd16ff7639e826d5ff95277aa4302b03c1f5f61b8694
-
SSDEEP
6144:mCU/d3jO7xaRzfap6a3hTW1QZ6/uPKADFBWe0EbDP3dGbQXoh0W4CChNb:m95jOYRzyp6WhTWmPVDvb3D4hR4CChp
Malware Config
Targets
-
-
Target
f41127478f06c7ae7678e61ca05988789cbb78beb04d105cb5ddfc441d9aa630
-
Size
343KB
-
MD5
2ec3a66a0590ce7cfc2ef71e71635860
-
SHA1
062db91c2fcd8d0d7e44bf25e168bd0c0b0ff949
-
SHA256
f41127478f06c7ae7678e61ca05988789cbb78beb04d105cb5ddfc441d9aa630
-
SHA512
b0db83935fc32d4aac973225ee15f059c0c23d1cc2be8f32d6cb5689c216c8d0af64f7b62f7029dc3ec8dd16ff7639e826d5ff95277aa4302b03c1f5f61b8694
-
SSDEEP
6144:mCU/d3jO7xaRzfap6a3hTW1QZ6/uPKADFBWe0EbDP3dGbQXoh0W4CChNb:m95jOYRzyp6WhTWmPVDvb3D4hR4CChp
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-