General
-
Target
6fd082aa0d4fd75f2427510d8738b55b2090b4b406534adb335cdb0453ad53cb
-
Size
4.5MB
-
Sample
240523-vwnp1sad28
-
MD5
b557479cf922838ce64b1a27bc772bf4
-
SHA1
b434f86ff476003fea3306a62d2a1075f5442f5c
-
SHA256
6fd082aa0d4fd75f2427510d8738b55b2090b4b406534adb335cdb0453ad53cb
-
SHA512
706f01459a0e7dc214cf6bd33d84d4b3be9fb32b1ee409eb71a0974ef9a55e3eaeb11878c957cc4ce24c671d2d2e279a0d73236cdb31d770bb37a0de988b0a78
-
SSDEEP
49152:xNIldFEedDqnroHO8wOZHOlvbuambSIN+6a9AknH:xNITcnsHtvZHUbmb/+TK
Malware Config
Targets
-
-
Target
6fd082aa0d4fd75f2427510d8738b55b2090b4b406534adb335cdb0453ad53cb
-
Size
4.5MB
-
MD5
b557479cf922838ce64b1a27bc772bf4
-
SHA1
b434f86ff476003fea3306a62d2a1075f5442f5c
-
SHA256
6fd082aa0d4fd75f2427510d8738b55b2090b4b406534adb335cdb0453ad53cb
-
SHA512
706f01459a0e7dc214cf6bd33d84d4b3be9fb32b1ee409eb71a0974ef9a55e3eaeb11878c957cc4ce24c671d2d2e279a0d73236cdb31d770bb37a0de988b0a78
-
SSDEEP
49152:xNIldFEedDqnroHO8wOZHOlvbuambSIN+6a9AknH:xNITcnsHtvZHUbmb/+TK
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Drops file in Drivers directory
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-