Extracted

• • Target

    eae34455507aa2de1a5caab4612c4c3ed9ad084d0ebe00c556152c8b6f4a2167

  • Size

    4.6MB

  • MD5

    f8e2ab85cb191ed0d014c77cc699c230

  • SHA1

    d33f0454cd0139b831e252f80eb9d3314196fd89

  • SHA256

    eae34455507aa2de1a5caab4612c4c3ed9ad084d0ebe00c556152c8b6f4a2167

  • SHA512

    9c4a8cc703dfa91f6af5c3fcdaca2142bec0e48b169e2eed8ff69663a95b82f93e52f4df381156714d91baf7f4e681e2960d2f3139c8062f32f24f007eb5b413

  • SSDEEP

    98304:A4m7nXWiuGlEB7sxj0Ith/UWtmYYAszulCn93ZFc/OWqS1Lf+uwCT/tmgB6:APDXWiDEKjP/vRIzRtI11LX

  Score

  10^/10

  blackmoonsalitybackdoorbankerevasiontrojanupx

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon

  • Detect Blackmoon payload

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral1behavioral2