General
Target: i4.msi.vir
Size: 414.8MB
Sample: 241119-epln3szmft
MD5: 5458ded6540ceaa02e7c1b74b38fa8ba
SHA1: 77f63bfb0c37b76005b9105e3544a63dd2240f77
SHA256: 7f7abbdbd82cc7e2142636e764b13547bd1e309221693a9e3d1ceab5299c0af6
SHA512: cac691c9c69e6db69e4e9d16a60aa9e01f2cf6f2fc7bafc15b9ba88d13dc0bcfb2f966e9e7b888aafa547cb49f2ca6df625fe555b6eb6d757e30aa601ea8feec
SSDEEP: 12582912:kGJfvUrxERbTpxS6bJSPeXi2ffucxlgJIerR:kGq9Mp9bJSWXi2fpxOIerR
Static task: static1
Behavioral task: behavioral1
Sample: i4.msi
Resource: win7-20241023-en
Behavioral task: behavioral2
Sample: i4.msi
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: i4.msi.vir
Blackmoon family
Detect Blackmoon payload
Blocklisted process makes network request
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Suspicious use of NtSetInformationThreadHideFromDebugger