General

Target: f5ed77a77ea3fdf415e3379b8c3aa9480dd07a401da54dc4a2fcf2fcce807586
Size: 4.7MB
Sample: 240522-rttxgaed28
MD5: ce5a02dbbbecfdf9897726db6ba09a0b
SHA1: 05a203727a334153388184a030d3eff8534d611a
SHA256: f5ed77a77ea3fdf415e3379b8c3aa9480dd07a401da54dc4a2fcf2fcce807586
SHA512: d7e5a09cd93d4ccb1acac82eecd4b6c055b02792b8846644be028b0b9c11bb24771e2a94c4238267af108329cf86ec937751a876bd3299e4993e5abf7e840454
SSDEEP: 98304:fFBWQlG4wlD4GfkehReReO2pAiNoXfsQi2GxhDxjM1gh9noS9oMPQq9EsZXQo:e3uD/exAWoP3Imgbo8oMJEsBQo
Static task: static1
Behavioral task: behavioral1
Sample: f5ed77a77ea3fdf415e3379b8c3aa9480dd07a401da54dc4a2fcf2fcce807586.exe
Resource: win7-20240221-en (Windows 7 analysis VM image)
Malware Config: (none listed)

Targets

Target: f5ed77a77ea3fdf415e3379b8c3aa9480dd07a401da54dc4a2fcf2fcce807586
Size: 4.7MB
MD5: ce5a02dbbbecfdf9897726db6ba09a0b
SHA1: 05a203727a334153388184a030d3eff8534d611a
SHA256: f5ed77a77ea3fdf415e3379b8c3aa9480dd07a401da54dc4a2fcf2fcce807586
SHA512: d7e5a09cd93d4ccb1acac82eecd4b6c055b02792b8846644be028b0b9c11bb24771e2a94c4238267af108329cf86ec937751a876bd3299e4993e5abf7e840454
SSDEEP: 98304:fFBWQlG4wlD4GfkehReReO2pAiNoXfsQi2GxhDxjM1gh9noS9oMPQq9EsZXQo:e3uD/exAWoP3Imgbo8oMJEsBQo
Signatures

- Detect Blackmoon payload
- Drops file in Drivers directory: writes a file under the Windows drivers directory (System32\drivers).
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check so that the payload runs only in, or avoids, particular countries.
- Executes dropped EXE: runs an executable that it wrote to disk during the analysis.
- Loads dropped DLL: loads a DLL that it wrote to disk during the analysis.
- Unexpected DNS network traffic destination: traffic on the DNS port (53) to servers other than the DNS servers configured on the analysis VM, for example a hard-coded resolver or a non-DNS server contacted on port 53.
- Drops file in System32 directory: writes a file under the Windows System32 directory.
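The behavioural signatures above are the sandbox's labels. To make explicit what each one matches, here is an added example, written for this page and not the sandbox's own rule code, that re-implements the six behavioural checks as simple rules over a constructed, time-ordered stream of sandbox-style events. The event format, the placeholder paths and addresses, and the registry key used for the country-code check (HKCU\Control Panel\International\Geo\Nation, where Windows stores the configured GeoID) are assumptions; the family match "Detect Blackmoon payload" is a static pattern match and is not reproduced here.

```python
import ipaddress

# Assumed locations the rules compare against (lower-cased for matching).
# The report names the two directories; the registry key is an assumption.
GEO_NATION_KEY = r"hkcu\control panel\international\geo\nation"
SYSTEM32_DIR = r"c:\windows\system32"
DRIVERS_DIR = r"c:\windows\system32\drivers"

# Constructed event stream in time order. Paths and addresses are placeholders
# (192.0.2.0/24 is the TEST-NET-1 documentation range), not artefacts of the sample.
SAMPLE_EVENTS = [
    {"kind": "reg_query", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"kind": "file_write", "path": r"C:\Users\admin\AppData\Local\Temp\stage2.exe"},
    {"kind": "file_write", "path": r"C:\Users\admin\AppData\Local\Temp\helper.dll"},
    {"kind": "file_write", "path": r"C:\Windows\System32\drivers\example.sys"},
    {"kind": "file_write", "path": r"C:\Windows\System32\example.dat"},
    {"kind": "process_create", "image": r"C:\Users\admin\AppData\Local\Temp\stage2.exe"},
    {"kind": "image_load", "image": r"C:\Users\admin\AppData\Local\Temp\helper.dll"},
    {"kind": "image_load", "image": r"C:\Windows\System32\kernel32.dll"},
    {"kind": "net_flow", "dst": "8.8.8.8", "dport": 53, "proto": "udp"},
    {"kind": "net_flow", "dst": "192.0.2.53", "dport": 53, "proto": "udp"},
    {"kind": "net_flow", "dst": "192.0.2.10", "dport": 443, "proto": "tcp"},
]


def _norm(path: str) -> str:
    """Canonical form for Windows paths/keys: backslashes, lower case."""
    return path.replace("/", "\\").lower()


def _inside(path: str, directory: str) -> bool:
    """True if path is directly inside or anywhere below directory."""
    return _norm(path).startswith(_norm(directory).rstrip("\\") + "\\")


def run_signatures(events, configured_dns):
    """Return {signature name: [evidence, ...]} for the rules that fired.

    configured_dns: the resolver addresses configured on the analysis VM; any
    port-53 flow to another address is the 'unexpected DNS destination' case.
    """
    configured = {ipaddress.ip_address(a) for a in configured_dns}
    dropped = set()   # normalized paths the sample wrote during the run
    hits = {}

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        kind = ev["kind"]
        if kind == "reg_query" and _norm(ev["key"]) == GEO_NATION_KEY:
            hit("Checks computer location settings", ev["key"])
        elif kind == "file_write":
            path = _norm(ev["path"])
            dropped.add(path)
            # A file under System32\drivers is also under System32, so both fire.
            if _inside(path, DRIVERS_DIR):
                hit("Drops file in Drivers directory", ev["path"])
            if _inside(path, SYSTEM32_DIR):
                hit("Drops file in System32 directory", ev["path"])
        elif kind == "process_create" and _norm(ev["image"]) in dropped:
            hit("Executes dropped EXE", ev["image"])
        elif kind == "image_load":
            image = _norm(ev["image"])
            if image in dropped and image.endswith(".dll"):
                hit("Loads dropped DLL", ev["image"])
        elif kind == "net_flow" and ev["dport"] == 53:
            if ipaddress.ip_address(ev["dst"]) not in configured:
                hit("Unexpected DNS network traffic destination",
                    f'{ev["dst"]}:{ev["dport"]}/{ev["proto"]}')
    return hits


if __name__ == "__main__":
    for name, evidence in run_signatures(SAMPLE_EVENTS, ["8.8.8.8"]).items():
        print(name)
        for e in evidence:
            print("   ", e)
```

Two details matter when reading the report against rules like these: the "dropped" checks only see files written during the recorded run, so a payload staged by a stage that ran before monitoring began would be missed, and the DNS rule depends entirely on what resolver the VM was configured with, so a hit means "port 53 to a non-resolver address", not necessarily a DNS query.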