General
-
Target
54bf334fd867ee19dd314ab1e09c083de27a9f0540d6b1a9ac1600e747f8c87d
-
Size
432KB
-
Sample
240913-1z2zpssclh
-
MD5
e81bbfa0c23086d9e58bae0ac76ce29a
-
SHA1
3411e17f95625d951536a6ddd7c0cee885db2fdd
-
SHA256
54bf334fd867ee19dd314ab1e09c083de27a9f0540d6b1a9ac1600e747f8c87d
-
SHA512
d22a373b988d9f99aaef07b223d480f11c3cea8ab9c3e15e4f60f371191edf2fe66638b9a52da9bf8b1320d997b6b19631502e907e5cee74612c77cf861b748f
-
SSDEEP
12288:kov9YJjrV+pJR6cuXFqaYCL9yKASIAcl3hkWWlyvQ+:B+JHVyR6xXky0KASbcdh6yvQ+
Malware Config
Targets
-
-
Target
54bf334fd867ee19dd314ab1e09c083de27a9f0540d6b1a9ac1600e747f8c87d
-
Size
432KB
-
MD5
e81bbfa0c23086d9e58bae0ac76ce29a
-
SHA1
3411e17f95625d951536a6ddd7c0cee885db2fdd
-
SHA256
54bf334fd867ee19dd314ab1e09c083de27a9f0540d6b1a9ac1600e747f8c87d
-
SHA512
d22a373b988d9f99aaef07b223d480f11c3cea8ab9c3e15e4f60f371191edf2fe66638b9a52da9bf8b1320d997b6b19631502e907e5cee74612c77cf861b748f
-
SSDEEP
12288:kov9YJjrV+pJR6cuXFqaYCL9yKASIAcl3hkWWlyvQ+:B+JHVyR6xXky0KASbcdh6yvQ+
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-