General

  • Target

    5763fff8f76f0a7b3f79577c4ae70766d6fda126a16cb6ae65486be5bbc95937

  • Size

    173KB

  • Sample

    241102-z8e1vsymgk

  • MD5

    ee2c750d7ec3042b9d4d4904dc3b1320

  • SHA1

    8d5e00a8df5dd76957887b868d818104d88d564f

  • SHA256

    5763fff8f76f0a7b3f79577c4ae70766d6fda126a16cb6ae65486be5bbc95937

  • SHA512

    ed72977df055de5d1fdc605d90b55664c0d40703925d9d3494173465541764d40b8e30578b8e7b7a1ee7d43e61d7da40f977ef7e7e5870cd84d9e5bf87003206

  • SSDEEP

    3072:C5VK0lTSG9xoC+CQpiU5M8U3mjfv2JxhGtBx0N4w:d0T9xB+CUamjfvIxhGtB6N

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Server Software Component: Terminal Services DLL

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks