General
Target: c093f7ef47ad7bfb1fee45420ff42751fbef4e22c00a196a3a313744cdaa591f
Size: 11.8MB
Sample: 240407-tjbn9agc3y
MD5: ce01188db1fd97f5aec59e1293210e8b
SHA1: 995f320d592d3ddf29ac5749e9e32da67d0e2069
SHA256: c093f7ef47ad7bfb1fee45420ff42751fbef4e22c00a196a3a313744cdaa591f
SHA512: e4648d95a7bd3d2312c2e82f41811be419252e154980df6637c43c60cda170242b82b69c45354be6e3b4e3765b81e807e2275b58a5d4b45b8ae4ae71e8b7d9c2
SSDEEP: 196608:vIJ6eA5cPmiRqfk0ScX/eBDv+cRc7A4Yn7WILy+aEkcGXe6bqmOIhJZEFIxgabSR:vf1xAcX/Or/M07neRJXe6basrSsgabI
Behavioral task behavioral1
Sample: c093f7ef47ad7bfb1fee45420ff42751fbef4e22c00a196a3a313744cdaa591f.exe
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: c093f7ef47ad7bfb1fee45420ff42751fbef4e22c00a196a3a313744cdaa591f.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: c093f7ef47ad7bfb1fee45420ff42751fbef4e22c00a196a3a313744cdaa591f
Size: 11.8MB
MD5: ce01188db1fd97f5aec59e1293210e8b
SHA1: 995f320d592d3ddf29ac5749e9e32da67d0e2069
SHA256: c093f7ef47ad7bfb1fee45420ff42751fbef4e22c00a196a3a313744cdaa591f
SHA512: e4648d95a7bd3d2312c2e82f41811be419252e154980df6637c43c60cda170242b82b69c45354be6e3b4e3765b81e807e2275b58a5d4b45b8ae4ae71e8b7d9c2
SSDEEP: 196608:vIJ6eA5cPmiRqfk0ScX/eBDv+cRc7A4Yn7WILy+aEkcGXe6bqmOIhJZEFIxgabSR:vf1xAcX/Or/M07neRJXe6basrSsgabI
- Detect Blackmoon payload
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext