General
Target: 4a94177c9e35839b94091abae892e141a2311df00b3d78d00fd29e621e68d17a
Size: 3.7MB
Sample: 241017-1b1rqsxekd
MD5: 2235c764ae47ecdb6a76a80474849183
SHA1: 346c32a4305f8dbb182a2514cfbb7bcc3856cac9
SHA256: 4a94177c9e35839b94091abae892e141a2311df00b3d78d00fd29e621e68d17a
SHA512: 552e7ac089cc1c16b6abf87d675d1c13e19a28d110772aab0d53c6e890857cf7d4aa5cc96b15bd4e23ca88b0f9e1c3d65a52228ecf342305b852a637fb95071d
SSDEEP: 98304:hyyRWs+dq591REs7+n6VVaxMsbajz7fIjufFJbzV5mNVD3AFzX4cfAkbqG/zi3nJ:wOhaKhfFJbzV5mNVD3A3Ny
Behavioral task: behavioral1
Sample: 4a94177c9e35839b94091abae892e141a2311df00b3d78d00fd29e621e68d17a.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 4a94177c9e35839b94091abae892e141a2311df00b3d78d00fd29e621e68d17a.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 4a94177c9e35839b94091abae892e141a2311df00b3d78d00fd29e621e68d17a
- Detect Blackmoon payload
- Server Software Component: Terminal Services DLL
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion: Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory