General
-
Target
5771e6a3228332938f6b5c0cc971fe92d1f4d51d8ee6bd93eab42d9c05951621
-
Size
432KB
-
Sample
240908-xhpfha1crn
-
MD5
2dcc896fd48cb12f369cc87b11740822
-
SHA1
949bc7bfe5c14ae8857046bf881480c2b343d608
-
SHA256
5771e6a3228332938f6b5c0cc971fe92d1f4d51d8ee6bd93eab42d9c05951621
-
SHA512
30adb028abd8b753120e9073515d5dc135c9db194f158349043b5267aafed242ab7b6d3282a304d366ed8efed6e583b1f9850b19e8c33119993d3682d9791fa0
-
SSDEEP
12288:kov9YJjrV+pJR6cuXFqaYCL9yKASIAcl3hkWWlyvQX:B+JHVyR6xXky0KASbcdh6yvQX
Malware Config
Targets
-
-
Target
5771e6a3228332938f6b5c0cc971fe92d1f4d51d8ee6bd93eab42d9c05951621
-
Size
432KB
-
MD5
2dcc896fd48cb12f369cc87b11740822
-
SHA1
949bc7bfe5c14ae8857046bf881480c2b343d608
-
SHA256
5771e6a3228332938f6b5c0cc971fe92d1f4d51d8ee6bd93eab42d9c05951621
-
SHA512
30adb028abd8b753120e9073515d5dc135c9db194f158349043b5267aafed242ab7b6d3282a304d366ed8efed6e583b1f9850b19e8c33119993d3682d9791fa0
-
SSDEEP
12288:kov9YJjrV+pJR6cuXFqaYCL9yKASIAcl3hkWWlyvQX:B+JHVyR6xXky0KASbcdh6yvQX
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-