General
-
Target
2025-04-03_224689f5be60110e26bc0e81d06381cb_amadey_cloudeye_hacktools_mimikatz_rhadamanthys_smoke-loader
-
Size
11.4MB
-
Sample
250403-ck9t1azms6
-
MD5
224689f5be60110e26bc0e81d06381cb
-
SHA1
22095f5f117b25a03e0fb983f0dd733d8a0f4d07
-
SHA256
4399a2654279a22422cba188b257f326994d12e2d0d91b93eb973acb8211fe84
-
SHA512
7d12c77cd75bfd1b377ba4ed234486d07134e2debddb1598105d904794b969d6a04deefd1454a5c876af5e208a97e5f85a2d342b84f2bf2414a28aa3ae988f2d
-
SSDEEP
196608:9EaOk2c1uwl1CPwDv3uFhi43v13uFnCPws8S/VW08Sr8lQeY3YKmknGzwHIPHd93:95nEwl1CPwDv3uFY43v13uFnCPwa/VW5
Malware Config
Targets
-
-
Target
2025-04-03_224689f5be60110e26bc0e81d06381cb_amadey_cloudeye_hacktools_mimikatz_rhadamanthys_smoke-loader
-
Size
11.4MB
-
MD5
224689f5be60110e26bc0e81d06381cb
-
SHA1
22095f5f117b25a03e0fb983f0dd733d8a0f4d07
-
SHA256
4399a2654279a22422cba188b257f326994d12e2d0d91b93eb973acb8211fe84
-
SHA512
7d12c77cd75bfd1b377ba4ed234486d07134e2debddb1598105d904794b969d6a04deefd1454a5c876af5e208a97e5f85a2d342b84f2bf2414a28aa3ae988f2d
-
SSDEEP
196608:9EaOk2c1uwl1CPwDv3uFhi43v13uFnCPws8S/VW08Sr8lQeY3YKmknGzwHIPHd93:95nEwl1CPwDv3uFY43v13uFnCPwa/VW5
Score10/10-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
-
Mimikatz family
-
mimikatz is an open source tool to dump credentials on Windows
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-