General

  • Target

    090a5590ff687d65089ae0b23de72f7c7d13c5fba10c8ef275252fe40a0bd24d

  • Size

    4.1MB

  • Sample

    240526-m9xk3sha44

  • MD5

    8e6a48121e3ee94d786a0eca2d4acea9

  • SHA1

    617195c8a861eb5cd27ab3d4f72ddd373034b4a1

  • SHA256

    090a5590ff687d65089ae0b23de72f7c7d13c5fba10c8ef275252fe40a0bd24d

  • SHA512

    bb4a13d903860c2a8e2aab08c23032c4e7ddc81f71ac36ad5c8474852062e399fffee36757dfa098e8f7161b97c9259078b67439e937e5834b2aa1a0fc15bdcd

  • SSDEEP

    98304:WGdVyVT9nOgmhvkCyrYra8kWl9oLCqq8hwTSClWbaopvk1z3m:FWT9nO76u8Cm

Malware Config

Targets

    • Target

      090a5590ff687d65089ae0b23de72f7c7d13c5fba10c8ef275252fe40a0bd24d

    • Size

      4.1MB

    • MD5

      8e6a48121e3ee94d786a0eca2d4acea9

    • SHA1

      617195c8a861eb5cd27ab3d4f72ddd373034b4a1

    • SHA256

      090a5590ff687d65089ae0b23de72f7c7d13c5fba10c8ef275252fe40a0bd24d

    • SHA512

      bb4a13d903860c2a8e2aab08c23032c4e7ddc81f71ac36ad5c8474852062e399fffee36757dfa098e8f7161b97c9259078b67439e937e5834b2aa1a0fc15bdcd

    • SSDEEP

      98304:WGdVyVT9nOgmhvkCyrYra8kWl9oLCqq8hwTSClWbaopvk1z3m:FWT9nO76u8Cm

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks