General
-
Target
991af4e2097d3c6e378b423c8c860260a53c4a1751520d2837bcc77ecc236808
-
Size
14.5MB
-
Sample
240624-edwd5swgka
-
MD5
e3e5b88c970098f0ba7a3bd8b011bb2d
-
SHA1
b110755d4979cebf952b4eeda32b2d7b05936bca
-
SHA256
991af4e2097d3c6e378b423c8c860260a53c4a1751520d2837bcc77ecc236808
-
SHA512
c453f032612bb3a964e0aea341ff777eba74c7214fb678bc9fdeded078e4d775071b743d65bd97b1c1f43ab9d9c095a112bdb2e2397223443e4bde4b9f834dcc
-
SSDEEP
393216:W7VsokhB+3ywWFfuXC4bqbG0LWtUQa9ilzyMKQ:e+1iCw+WnULKxoiP
Malware Config
Targets
-
-
Target
991af4e2097d3c6e378b423c8c860260a53c4a1751520d2837bcc77ecc236808
-
Size
14.5MB
-
MD5
e3e5b88c970098f0ba7a3bd8b011bb2d
-
SHA1
b110755d4979cebf952b4eeda32b2d7b05936bca
-
SHA256
991af4e2097d3c6e378b423c8c860260a53c4a1751520d2837bcc77ecc236808
-
SHA512
c453f032612bb3a964e0aea341ff777eba74c7214fb678bc9fdeded078e4d775071b743d65bd97b1c1f43ab9d9c095a112bdb2e2397223443e4bde4b9f834dcc
-
SSDEEP
393216:W7VsokhB+3ywWFfuXC4bqbG0LWtUQa9ilzyMKQ:e+1iCw+WnULKxoiP
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-