General

  • Target

    60cf7ac7d800633e8a7a174b9361b5ec01509d4044f33f32801a4957970112f5

  • Size

    159KB

  • Sample

    241102-1bk2aawepr

  • MD5

    87cd822eb1368f109799793e847fd209

  • SHA1

    5810b04ff6ff1aa1a58bce1d35060bb308234488

  • SHA256

    60cf7ac7d800633e8a7a174b9361b5ec01509d4044f33f32801a4957970112f5

  • SHA512

    072332431fbefea0dc074630a45b2b955159850de834dfceaf12be90f833cc1ab2afae95e541cac11f6c01cf0cf5454e908bb220a820781974f2864aca980a9a

  • SSDEEP

    3072:C5VK0lTSG9xoC+CQpiU5M8U3mjfv2JxhGtBx0N4w:d0T9xB+CUamjfvIxhGtB6N

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Enterprise v15

Tasks