General
Target: 85e67caed2a6ce894acdffbae48d92af12cbad9198f72e3e87b477b5cffe55f7
Size: 7.9MB
Sample: 240524-pvh59ace5t
MD5: d32f78a71fd09d09c544f05e8dd3d40c
SHA1: 767ddca3599eab75b14e6539ccbd95b17e66cf86
SHA256: 85e67caed2a6ce894acdffbae48d92af12cbad9198f72e3e87b477b5cffe55f7
SHA512: 23e469e09426abda7ec0587b4676f2eb375864aac77bc8cb103b5880ac2b7509a3a1c4a6be636cb4f88376d0950fab46e825e6b40f2c58c764c696fab827c599
SSDEEP: 196608:hh32TxDNiotZgs21BRLdoQlSOLM8gYQ9HPDPiVp:bmTF4otZoBRC0tL9gYQ9HmVp
Static task: static1
Behavioral task: behavioral1
Sample: 85e67caed2a6ce894acdffbae48d92af12cbad9198f72e3e87b477b5cffe55f7.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 85e67caed2a6ce894acdffbae48d92af12cbad9198f72e3e87b477b5cffe55f7.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Score: 10/10
- Detect Blackmoon payload
- Adds policy Run key to start application
- ACProtect 1.3x - 1.4x DLL software
  Detects that the file is packed with ACProtect software.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandbox environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.