General
- Target: 32d57beaaac38a62cd91d3c26dd9c826374862d03fd36f21e1e3dda6486c1e86
- Size: 12.6MB
- Sample: 240526-ge1rcsgh5v
- MD5: 15724d3cd1761298b3284825707cc455
- SHA1: 43a9462fe8ca85c21d4bc04b337ea1c62925e88d
- SHA256: 32d57beaaac38a62cd91d3c26dd9c826374862d03fd36f21e1e3dda6486c1e86
- SHA512: 386f179d9d849dd7b589c02c380f1645d86b809e54d66bb8b746a9d196d7f1f6ab5462f5fb30a881fd9421493ce6d4c8f1219726ca14a874dfd8c5501dca564b
- SSDEEP: 393216:DxNPOEhmwhy+41I3tEaQI9r49nCK0Irz32:1N2EAMr49nCKH2
Static task: static1
Behavioral task: behavioral1
Sample: 32d57beaaac38a62cd91d3c26dd9c826374862d03fd36f21e1e3dda6486c1e86.exe
Resource: win7-20240508-en
Malware Config
Targets
- Target: 32d57beaaac38a62cd91d3c26dd9c826374862d03fd36f21e1e3dda6486c1e86
- Detect Blackmoon payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger