Extracted

• • Target

    064d2bd707964d68940c8bc7447798dad7b15a6fdc3a2d587d3cd7280418d784

  • Size

    4.2MB

  • MD5

    1d5a0ca464c1573cc629e02efb32a152

  • SHA1

    37d9e651469fe9eb5fcc5fe93a13e87f114b41b7

  • SHA256

    064d2bd707964d68940c8bc7447798dad7b15a6fdc3a2d587d3cd7280418d784

  • SHA512

    e33af28af79747a3800cca4c9a2208bf011bbd577b4593486faedab939adb8f10478da697b9c7f479c51b6e8db3c6c52606f1055b4decf7aab3dc0807aa22ad8

  • SSDEEP

    98304:Dg2KK3z9OP+9Rqc7b5nBnEQWoYIsaOyk3xd:E2KKjQ+9RZ7RBTYSOyC3

  Score

  10^/10

  blackmoongozixmrigbankerevasionisfbminerpersistencespywarestealertrojanupx

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon

  • Detect Blackmoon payload

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • UAC bypass

    evasiontrojan

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • UPX dump on OEP (original entry point)

  • XMRig Miner payload

    miner

  • Sets file execution options in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Drops file in System32 directory

  behavioral1behavioral2