General
- Target: fdffa664e6f26438f777ccbbf537c6c1de3d23c06e59c44d4e558bc0f2dcc1b0
- Size: 4.5MB
- Sample: 240523-xnr4kscf2t
- MD5: 625f77ef3de12fc52b00b5515e5fd6b5
- SHA1: aa311daa84acc4a5f76b08bbbc51563378623ddc
- SHA256: fdffa664e6f26438f777ccbbf537c6c1de3d23c06e59c44d4e558bc0f2dcc1b0
- SHA512: 47817ad5df04c85a395d6a4ee2f18db4c55e17fb50663a038a982097ee423b033f02b8621805457ac9e7b47822b3258876e59765dceb2d6be82480d465769a5b
- SSDEEP: 49152:xNIlvFEedDqnroHO8wOZHOlvbuambSIN+6a9AknH:xNIRcnsHtvZHUbmb/+TK
Behavioral task: behavioral1
- Sample: fdffa664e6f26438f777ccbbf537c6c1de3d23c06e59c44d4e558bc0f2dcc1b0.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: fdffa664e6f26438f777ccbbf537c6c1de3d23c06e59c44d4e558bc0f2dcc1b0
- Size: 4.5MB
- MD5: 625f77ef3de12fc52b00b5515e5fd6b5
- SHA1: aa311daa84acc4a5f76b08bbbc51563378623ddc
- SHA256: fdffa664e6f26438f777ccbbf537c6c1de3d23c06e59c44d4e558bc0f2dcc1b0
- SHA512: 47817ad5df04c85a395d6a4ee2f18db4c55e17fb50663a038a982097ee423b033f02b8621805457ac9e7b47822b3258876e59765dceb2d6be82480d465769a5b
- SSDEEP: 49152:xNIlvFEedDqnroHO8wOZHOlvbuambSIN+6a9AknH:xNIRcnsHtvZHUbmb/+TK
- Detect Blackmoon payload
- Drops file in Drivers directory
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory