General
-
Target
3223b22a9c55b980f2bc076d9fab2bddff20f40a383dbe59c0afda8308ae8fcb
-
Size
4.5MB
-
Sample
240523-zcltjafd2w
-
MD5
a6b6657bf8a46aaf2fe1349044c7a4ff
-
SHA1
4c0efc580a9972319f6f3bb95a0d300cacdd9561
-
SHA256
3223b22a9c55b980f2bc076d9fab2bddff20f40a383dbe59c0afda8308ae8fcb
-
SHA512
82eb3bed5f7191b1444739e9cf13f1b7de877e4a75ff4e45bd34119897e947a9c691271d5eaaf3067f8440708364829d49aba0422a6741c8f87e39afadf361d8
-
SSDEEP
49152:xNIlAFEedDqnroHO8wOZHOlvbuambSIN+6a9AknH:xNICcnsHtvZHUbmb/+TK
Behavioral task
behavioral1
Sample
3223b22a9c55b980f2bc076d9fab2bddff20f40a383dbe59c0afda8308ae8fcb.exe
Resource
win7-20240221-en
Malware Config
Targets
Detect Blackmoon payload
-
Drops file in Drivers directory
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-