General
Target: 371c685d9b8f71da804ec0de71fcd8c41a02928a64fffa9601999e77d810ede4
Size: 5.2MB
Sample: 241205-dxsa6awnax
MD5: afae7ba222a02c57f839f22b41f3b56f
SHA1: db9724a0399f1ff14c65e6439ca20b9617fff139
SHA256: 371c685d9b8f71da804ec0de71fcd8c41a02928a64fffa9601999e77d810ede4
SHA512: a0909b9ba85a002ff95291240c32fe03e168c64f48768e1624c0400eb68a4b4a47c6af27789da2ee537aa925c34705177f08405cd20b82d4f0c82f41b0d84bfc
SSDEEP: 98304:NQaYs/d7ByiwcCWw29///VRVIZe0w+WlUeZeshnUUanXjUG5YTQO4Ci:NQjU7wiwcQ29XUSlUeB9hanXQG5YTDi
Static task: static1

Behavioral task: behavioral1
Sample: Chromestup翻译插件.msi
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: Chromestup翻译插件.msi
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: Chromestup翻译插件.msi
Size: 6.4MB
MD5: 5e95a04a874d801f406b1f2531056131
SHA1: 66caf403d62d69f065a20ee71d8699456319893d
SHA256: b59cb81b4ea7d8e84a5738b9095d63670362380d0fb16feaa13badc4308c4dc5
SHA512: 97c028d9ff9792234b2c5c1551e34c9b68df2bc489b0bdb2389a60021b2a28adb5a931d2f2973fb09194d5e538832bd20b5ed2a9c1cc3919a4119cfc27eceabd
SSDEEP: 98304:/PBflMPzidUtZX3GcYXhDpjRPuZ+ksUmz6e30YhLUuunN/A0sO0vcap:HBfMDXXYXlsMz6evpjunNI0x0v

Blackmoon family

Detect Blackmoon payload

FatalRat
FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

Fatalrat family

Fatal Rat payload

Adds Run key to start application

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Event Triggered Execution: 1
    Installer Packages: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Event Triggered Execution: 1
    Installer Packages: 1