General
-
Target
594f21cb07c28ec4690f92d30920be9b2d6d7bd9ae8bd53382b7d9f647f303c8
-
Size
8.1MB
-
Sample
240526-mzf6cafg3s
-
MD5
64b964ac0f2c7d34a26d9293fed65fea
-
SHA1
b8bb59fa567e1eb05582aa4dbd8a9987fd1be10b
-
SHA256
594f21cb07c28ec4690f92d30920be9b2d6d7bd9ae8bd53382b7d9f647f303c8
-
SHA512
953f163b5b184397f0edf4089b2833b4d1f1ab148354b3a80cc722b3cdf6021a54dc036af52f1a5465aff8f6c719864ad65e24e41c728da08321a723ef8ab719
-
SSDEEP
196608:7WT9nO7jUJQDqzXmVyUJQDSGxr2cqUJQD8:x7AcOWcFlrbc8
Malware Config
Targets
-
-
Target
594f21cb07c28ec4690f92d30920be9b2d6d7bd9ae8bd53382b7d9f647f303c8
-
Size
8.1MB
-
MD5
64b964ac0f2c7d34a26d9293fed65fea
-
SHA1
b8bb59fa567e1eb05582aa4dbd8a9987fd1be10b
-
SHA256
594f21cb07c28ec4690f92d30920be9b2d6d7bd9ae8bd53382b7d9f647f303c8
-
SHA512
953f163b5b184397f0edf4089b2833b4d1f1ab148354b3a80cc722b3cdf6021a54dc036af52f1a5465aff8f6c719864ad65e24e41c728da08321a723ef8ab719
-
SSDEEP
196608:7WT9nO7jUJQDqzXmVyUJQDSGxr2cqUJQD8:x7AcOWcFlrbc8
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-