General
-
Target
a456f1d4fa5aa51e8605e6fcb43579c41593c6ae7eb110c5bbdddd071b3ab1f8.rar
-
Size
6.2MB
-
Sample
240524-yweznahd7w
-
MD5
6f931c28532be11c8492783d89b4cc84
-
SHA1
955ce2909398152312137f700c4449ad7069771a
-
SHA256
a456f1d4fa5aa51e8605e6fcb43579c41593c6ae7eb110c5bbdddd071b3ab1f8
-
SHA512
b7c9dd2eee7f18c7c4cbff70fd8870a9d6ed754a69ce31c2cfa54c608a0717f0986cf59a1426dc4718fb2fe4364d650961e13c4335d477cdbd39396fe794a75b
-
SSDEEP
196608:QQEKh6tL/aLnXFDJ82PDIC3Xnhs/AvA8HZnL:QlKEtL/cFDytC3Xn5vpZL
Malware Config
Targets
-
-
Target
salikhack.exe
-
Size
6.8MB
-
MD5
92290d3c06e414319fb42fc0f7d981d0
-
SHA1
6396501c4acd9e06a44f75f136528535e8003dce
-
SHA256
3d10fcb6f54d01863d35000decd99bc4234266b668263035c55597e09c885f43
-
SHA512
2d59d0121b48e442ba2d2af2639afe928664238ef51e819a634c7c71aebfbaf87f3e8a033285111046d2f50c9a286b611143aac5c227a000ec5d4be65e5bc294
-
SSDEEP
196608:xclQtVzCfE9FQs1W/ojxuBxn86iiYY1BC:x5VOfE9FQUWQjxy8T5
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Poullight
Poullight is an information stealer first seen in March 2020.
-
Poullight Stealer payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-