General
-
Target
60cf7ac7d800633e8a7a174b9361b5ec01509d4044f33f32801a4957970112f5
-
Size
159KB
-
Sample
241102-1bk2aawepr
-
MD5
87cd822eb1368f109799793e847fd209
-
SHA1
5810b04ff6ff1aa1a58bce1d35060bb308234488
-
SHA256
60cf7ac7d800633e8a7a174b9361b5ec01509d4044f33f32801a4957970112f5
-
SHA512
072332431fbefea0dc074630a45b2b955159850de834dfceaf12be90f833cc1ab2afae95e541cac11f6c01cf0cf5454e908bb220a820781974f2864aca980a9a
-
SSDEEP
3072:C5VK0lTSG9xoC+CQpiU5M8U3mjfv2JxhGtBx0N4w:d0T9xB+CUamjfvIxhGtB6N
Behavioral task
behavioral1
Sample
60cf7ac7d800633e8a7a174b9361b5ec01509d4044f33f32801a4957970112f5.dll
Resource
win7-20240903-en
Malware Config
Targets
-
Blackmoon family
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Gh0strat family
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Suspicious use of SetThreadContext
-