General

  • Target

    aicoin.exe

  • Size

    145.8MB

  • Sample

    231206-snw1bafd88

  • MD5

    b8e635877ccd6c813cefcb07dcc2ad1b

  • SHA1

    4b0eefab3f8b94f28b5223e42568c60d117c0f27

  • SHA256

    d0699424c33a92b68615e0db960f3c08ba18b170bc934540934ec5e31396a984

  • SHA512

    f4c091389ec29d8a54a6a9bf91fd5e85f31ebb774bb9cbc2f22ede4614ecbf2863421927a52d430e7ce30cefeec91036db439e0a513e5db16e1d5b7700df6de3

  • SSDEEP

    3145728:FuGrb8Sm74WZspMSM+R1z/f0Dzjw0+WRxNX3qmywVQe8LvetYXyjiTji5e:FuGrb8FUWhSM+fnoM0+WzNXBVD+mtYX9

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Irata

      Irata is an Iranian Android remote access trojan first seen in August 2022.

    • Irata payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks