Resubmissions
15-06-2024 17:15
240615-vsnwlsybpd 10
General
Target
1.rar
Size
1.9MB
Sample
240615-vsnwlsybpd
MD5
8a4e8130219d95751c1e4a76976c3b28
SHA1
3e8ea6f16e7fdea443340b31f368d566581827a2
SHA256
cb426c55759f1fcf43e3702775efb9dfd891cb5b3fe3c923902e6c10f9d79428
SHA512
2a0bfe9c4cb3db4deea832fa5a115f04ccde5decf520ef221ff2aa99327f1411efdb0c0caa7038b54aaabca26e8623a37d3794e19279d911a016294c268fcb48
SSDEEP
49152:HiGVIDfeCrOMKhE6Atib0ijKPUp9M8Qf386ax00ezkz041NoXKq:HijVrb6z9b1K38Q/HaJY141N5q
Static task
static1
Behavioral task
behavioral1
Sample
MFCApplication2.exe
Resource
win7-20240220-en
Malware Config
Targets
Target
MFCApplication2.exe
Size
3.6MB
MD5
7785297d6a6cca894812e38ff61b4821
SHA1
e24810dbc9ee16fb66569d50a27ab91ce142be1b
SHA256
04de6575d99e80078f09218598cf4b5d73a7de0c6b7f871113efd90c369aa0ba
SHA512
9ccf80b1129b2903c90bf228766986858c9f10ed1ea65d5f6089f53161132493aeb7d21ee4c947a1e90b858d6661a3b2f3e1abe07da9b61e88a2fade4cef2965
SSDEEP
98304:kHhvky3nvCPDn6Dwmx0fitG+GJW1FLOAkGkzdnEVomFHKnPu:kHyPuk+GJW1FLOyomFHKnP
Score 10/10
Detect Blackmoon payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.