General
-
Target
859ba1a21b3ce7168c45c375fb29b8a452466075f3ed528870a5ea0deff6dc9aN.exe
-
Size
144KB
-
Sample
241122-z5bt2avram
-
MD5
af716af2364fa04c83c61dc70a550d40
-
SHA1
d1628077b4965a0ce4986291fb2a1d58570c51af
-
SHA256
859ba1a21b3ce7168c45c375fb29b8a452466075f3ed528870a5ea0deff6dc9a
-
SHA512
53c6254a180cd148e832f3baf58a2f774b1855411c74a7dda0a0d5cbb00101e2aec09cfbbcd35a34447d8b347252a0f21c5f486368e58621799a144cca7b32a6
-
SSDEEP
3072:S5VK0lTSG9xoC+CQpiU5M+U3mjfv2JxhGtB90N4w:N0T9xB+CUQmjfvIxhGtBWN
Malware Config
Targets
-
-
Target
859ba1a21b3ce7168c45c375fb29b8a452466075f3ed528870a5ea0deff6dc9aN.exe
-
Size
144KB
-
MD5
af716af2364fa04c83c61dc70a550d40
-
SHA1
d1628077b4965a0ce4986291fb2a1d58570c51af
-
SHA256
859ba1a21b3ce7168c45c375fb29b8a452466075f3ed528870a5ea0deff6dc9a
-
SHA512
53c6254a180cd148e832f3baf58a2f774b1855411c74a7dda0a0d5cbb00101e2aec09cfbbcd35a34447d8b347252a0f21c5f486368e58621799a144cca7b32a6
-
SSDEEP
3072:S5VK0lTSG9xoC+CQpiU5M+U3mjfv2JxhGtB90N4w:N0T9xB+CUQmjfvIxhGtBWN
Score10/10-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-