General
Target: 9e50b97a55a5e9ae7cc0e804051fbd8d6c5f565a6ebabc994cbca8661f85b72c
Size: 13.1MB
Sample: 240625-xe1pcsygln
MD5: 6b8f9b580d34345adad37f87847da222
SHA1: eccbd3a6188bc29b326f1179f498faaf6bbc2d96
SHA256: 9e50b97a55a5e9ae7cc0e804051fbd8d6c5f565a6ebabc994cbca8661f85b72c
SHA512: 1d1f2de1fc6b6c9361a84865a257beffe7a6aa93d6c72e193e75a235caa5092c877ed40f5b3cd378a30a43b2effeb6e3b376f3599f9ce3c3e8d12e02772a34f4
SSDEEP: 393216:L7Lol7SS8PPD18U1qjh0FIHd24HjTDov4lXHtN2BFL/6M:HvPPCU1qjh0Fe04HXplXHeL/j
Static task: static1
Behavioral task: behavioral1
Sample: 9e50b97a55a5e9ae7cc0e804051fbd8d6c5f565a6ebabc994cbca8661f85b72c.exe
Resource: win7-20240611-en
Malware Config
Targets
- Detect Blackmoon payload
- Gh0st RAT payload
- Drops file in Drivers directory
- Server Software Component: Terminal Services DLL
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Server Software Component (1): Terminal Services DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)