General
-
Target
d81efe9b72b0738990dd31edcc3c9183
-
Size
6.2MB
-
Sample
240320-hbpqcsbd2z
-
MD5
d81efe9b72b0738990dd31edcc3c9183
-
SHA1
81725e48dbdad824faa81e8957785e8d662bbd7a
-
SHA256
e5695c1ea3c8d2565baa0fafee9e4a8ed99a57b913773f03072afd0840b045c1
-
SHA512
8fc148d0c69039366c5a968a476af620847312ca2b312d33191170de6aa238792cb15cd4e4bac63f1904e241afaa0c0d6634725bb98e66e06be079b3e6602419
-
SSDEEP
196608:jBKP7jkNEptWOf0Fytvu3xndekWUEG17j:07QNEptWc0Utved36Oj
Malware Config
Targets
-
-
Target
salikhack.exe
-
Size
6.8MB
-
MD5
92290d3c06e414319fb42fc0f7d981d0
-
SHA1
6396501c4acd9e06a44f75f136528535e8003dce
-
SHA256
3d10fcb6f54d01863d35000decd99bc4234266b668263035c55597e09c885f43
-
SHA512
2d59d0121b48e442ba2d2af2639afe928664238ef51e819a634c7c71aebfbaf87f3e8a033285111046d2f50c9a286b611143aac5c227a000ec5d4be65e5bc294
-
SSDEEP
196608:xclQtVzCfE9FQs1W/ojxuBxn86iiYY1BC:x5VOfE9FQUWQjxy8T5
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Poullight
Poullight is an information stealer first seen in March 2020.
-
Poullight Stealer payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-