General
-
Target
aicoin.exe
-
Size
145.8MB
-
Sample
231206-snw1bafd88
-
MD5
b8e635877ccd6c813cefcb07dcc2ad1b
-
SHA1
4b0eefab3f8b94f28b5223e42568c60d117c0f27
-
SHA256
d0699424c33a92b68615e0db960f3c08ba18b170bc934540934ec5e31396a984
-
SHA512
f4c091389ec29d8a54a6a9bf91fd5e85f31ebb774bb9cbc2f22ede4614ecbf2863421927a52d430e7ce30cefeec91036db439e0a513e5db16e1d5b7700df6de3
-
SSDEEP
3145728:FuGrb8Sm74WZspMSM+R1z/f0Dzjw0+WRxNX3qmywVQe8LvetYXyjiTji5e:FuGrb8FUWhSM+fnoM0+WzNXBVD+mtYX9
Static task
static1
Behavioral task
behavioral1
Sample
aicoin.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
aicoin.exe
Resource
win10-20231020-en
Behavioral task
behavioral3
Sample
aicoin.exe
Resource
win10v2004-20231130-en
Behavioral task
behavioral4
Sample
aicoin.exe
Resource
win11-20231128-en
Malware Config
Targets
-
-
Target
aicoin.exe
-
Size
145.8MB
-
MD5
b8e635877ccd6c813cefcb07dcc2ad1b
-
SHA1
4b0eefab3f8b94f28b5223e42568c60d117c0f27
-
SHA256
d0699424c33a92b68615e0db960f3c08ba18b170bc934540934ec5e31396a984
-
SHA512
f4c091389ec29d8a54a6a9bf91fd5e85f31ebb774bb9cbc2f22ede4614ecbf2863421927a52d430e7ce30cefeec91036db439e0a513e5db16e1d5b7700df6de3
-
SSDEEP
3145728:FuGrb8Sm74WZspMSM+R1z/f0Dzjw0+WRxNX3qmywVQe8LvetYXyjiTji5e:FuGrb8FUWhSM+fnoM0+WzNXBVD+mtYX9
-
Detect Blackmoon payload
-
Irata
Irata is an Iranian remote access trojan Android malware first seen in August 2022.
-
Irata payload
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1