General
-
Target
YH.msi
-
Size
13.4MB
-
Sample
250321-bm7xra1wew
-
MD5
e41527007d14c7f084a0b702b283e1e5
-
SHA1
e51d10f9918816e9f7abbf289ff4f9a271d4f1af
-
SHA256
dd847b7624e96514b2ee1c6b942867b69e1281d76802244917cda997776d8a2e
-
SHA512
1aaafc3992bc6a0e57c6316288cf6fbc0ecdb11f78c8eb38cf99a77fd33f834a79727d1cad1eb48be938b0a1733c1b5251430b564968022eac15d9d5979ce999
-
SSDEEP
196608:pBfMDJ9/wXYZUpMqJsfvgfKJ10PlJc3DN2ZlcLB0kS731:pBfMDJ9+pMq4vcKPElJmZ2/c9A
Malware Config
Targets
-
-
Target
YH.msi
-
Size
13.4MB
-
MD5
e41527007d14c7f084a0b702b283e1e5
-
SHA1
e51d10f9918816e9f7abbf289ff4f9a271d4f1af
-
SHA256
dd847b7624e96514b2ee1c6b942867b69e1281d76802244917cda997776d8a2e
-
SHA512
1aaafc3992bc6a0e57c6316288cf6fbc0ecdb11f78c8eb38cf99a77fd33f834a79727d1cad1eb48be938b0a1733c1b5251430b564968022eac15d9d5979ce999
-
SSDEEP
196608:pBfMDJ9/wXYZUpMqJsfvgfKJ10PlJc3DN2ZlcLB0kS731:pBfMDJ9+pMq4vcKPElJmZ2/c9A
Score10/10-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
FatalRat
FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
-
Fatalrat family
-
Fatal Rat payload
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-