General
-
Target
1f2c6e3def8aa96534c4a78d8ce41cd235699ac95c27c581845752249da3fa76
-
Size
7.7MB
-
Sample
241210-nx1bwazlbj
-
MD5
156788efdc96619662720c324853728f
-
SHA1
14d9638a11b26d819a3200beb4b130cbfefb51fe
-
SHA256
1f2c6e3def8aa96534c4a78d8ce41cd235699ac95c27c581845752249da3fa76
-
SHA512
c593a28ceee7f7744fcb535a1c955528e09ea7ac86c53cb129f289c42df08606d7b537f04b0f737e81a8e5906da319dbec9f3fa7e86eaa5fc07f20e350c3d787
-
SSDEEP
196608:LIf1U68jQETofbBSWppR4KcybnJGYKtstFoQCLCejdTpV+ui7aRywWFRrK8jt:LIuBQET4bBjpRbTksdiCepp5iWkwWFRX
Malware Config
Targets
-
-
Target
ChormeGPT_instal.msi
-
Size
9.0MB
-
MD5
e9cc4acae3d8bdf0ce0c934c5fdeaf29
-
SHA1
eba099eaae94ee556a1f5c160fea8167854e7b51
-
SHA256
9ce9d59480d8dd8c68f591dcfacca0f24b628cd0979676ce544b82d92b913cb1
-
SHA512
b7bdb8823a947810f28fb46310066b8d73bc1e5239c2f308d07cfb734d770198c1950254f5609f6ec7c89d8984f09a276f2bddb0a862028a706c26412eca1853
-
SSDEEP
196608:Jvq8lyC5k/jzXuBfMDexr40ch1Fk+ovg9fYSeVQKRvThvyYox6Gy9L5+4z:BvyC5AjzeBfMDeSZygB+QKlhJowGy9LF
Score10/10-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
FatalRat
FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
-
Fatalrat family
-
Fatal Rat payload
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Adds Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Event Triggered Execution
3Component Object Model Hijacking
1Image File Execution Options Injection
1Installer Packages
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Event Triggered Execution
3Component Object Model Hijacking
1Image File Execution Options Injection
1Installer Packages
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1