MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34a87671d9a7225ad9aafdca0bdff858b9ae1c8fcdf834c505268507052a7a80. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Blackmoon


Vendor detections: 14



SHA256 hash: 34a87671d9a7225ad9aafdca0bdff858b9ae1c8fcdf834c505268507052a7a80
SHA3-384 hash: 96b4712b964572ee25b6a14ad3a55d5248ee157dc3743a80ef59f6844e67553de2b57517d3393e8af61c27a4323a70b7
SHA1 hash: ff28ba1befdc619220efc4e5d852b6988b39b1e4
MD5 hash: 2574c7439e3390a9ae330d40c3e46124
humanhash: nitrogen-december-equal-lactose
File name: letsvpn-latest.exe
Signature: Blackmoon
File size: 18'086'756 bytes
First seen: 2025-09-21 10:30:37 UTC
Last seen: 2025-10-04 13:30:22 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'471 x Socks5Systemz, 262 x RaccoonStealer). An imphash shared with thousands of samples of unrelated families is the hash of the installer stub's import table (TrID below: Inno Setup), not of the payload, so it identifies the packaging technology and is not a useful pivot for this family.
ssdeep 393216:Q0NiZCOrXlotKSKiCF/K9GpMrOBBj5zVjvzj4+Ji11ioqNUtlqjk:PeCOr1RSPL9GpKCVzVjvzVo1jqwqA
TLSH T14107335EB7A69E78E3AAD8321DEF42783DACA39F5F4184077C4D648C4BC510E342961B
TrID 76.2% (.EXE) Inno Setup installer (107240/4/30)
10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4)
4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.2% (.EXE) Win32 Executable (generic) (4504/4/1)
1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
Magika pebin
Reporter: aachum
Tags: Blackmoon CHN exe KRBanker sk-2x5-xyz


Reporter comment (iamaachum):
https://www.lets-vpn.pub/download => https://wwsw.lanzn.com/letsvpnz

Blackmoon/KrBanker C2: sk.2x5.xyz

Intelligence


File Origin
# of uploads: 2
# of downloads: 121
Origin country: ES
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: letsvpn-latest.exe
Verdict: Malicious activity
Analysis date: 2025-09-21 10:37:06 UTC
Tags: auto-drop auto-reg stealer golang
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 99.9%
Tags: virus shell sage

Result
Verdict: Malware
Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Creating synchronization primitives
Searching for the window
Moving a recently created file
Creating a file
Running batch commands
Creating a process with a hidden window
DNS request
Connection attempt
Sending a custom TCP request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Setting a global event handler for the keyboard

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug anti-vm borland_delphi exploit fingerprint innosetup installer overlay packed

Verdict: Malicious
File Type: exe x32
First seen: 2025-09-17T21:01:00Z UTC
Last seen: 2025-09-17T21:01:00Z UTC
Hits: ~100
Detections: Trojan-Spy.Win64.Agent.sb Trojan.Win32.Yakes Trojan.Win32.Agent.sb Backdoor.Win32.Poison.sb Backdoor.Win32.Lotok.sbc Backdoor.Win32.Lotok.abdu

Result
Threat name: n/a
Detection: malicious
Classification: spre.troj.spyw.evad
Score: 72 / 100
Signature
Accesses sensitive object manager directories (likely to detect virtual machines)
Bypasses PowerShell execution policy
Changes security center settings (notifications, updates, antivirus, firewall)
Creates multiple autostart registry keys
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Malicious sample detected (through community Yara rule)
Modifies the DNS server
Modifies the windows firewall
Multi AV Scanner detection for submitted file
Performs a network lookup / discovery via ARP
Performs DNS queries to domains with low reputation
Potentially malicious time measurement code found
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Sample is not signed and drops a device driver
Sigma detected: Execution from Suspicious Folder
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Suspicious Program Location with Network Connections
Tries to detect sandboxes / dynamic malware analysis system (Installed program check)
Tries to detect virtualization through RDTSC time measurements
Uses ipconfig to lookup or modify the Windows network settings
Uses netsh to modify the Windows network and firewall settings
Behaviour
Behavior Graph (ID 1781478, sample letsvpn-latest.exe, start date 21/09/2025, Windows, score 72), rebuilt from the flattened graph dump as a process tree. Indentation is parent/child; each process lists the files it dropped, its network contacts and the signatures the sandbox attached to it. "..." inside paths is elided on the page.

letsvpn-latest.exe (the submitted installer)
  root signatures: Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter); 6 other signatures
  root DNS/IPs: sk.2x5.xyz (Performs DNS queries to domains with low reputation); yandex.com; 10 other IPs or domains
  drops: C:\Users\user\AppData\...\letsvpn-latest.tmp (PE32)
  letsvpn-latest.tmp
    drops: C:\Users\user\AppData\...\letsvpn-latest.exe (PE32); C:\Users\Public\VSTelem\...\hcvci.exe (copy, PE32); C:\Users\user\AppData\Local\...\_shfoldr.dll (PE32); 4 other files (none malicious)
    letsvpn-latest.exe (second stage)
      drops: C:\Program Files (x86)\...\tap0901.sys (PE32+); C:\Program Files (x86)\...\LetsPRO.exe (PE32); C:\Program Files (x86)\...\LetsPRO.exe.config (XML); 223 other files (1 malicious)
      signatures: Bypasses PowerShell execution policy; Modifies the windows firewall; Sample is not signed and drops a device driver
      LetsPRO.exe
        LetsPRO.exe
          network: 119.29.29.29 port 53 (TENCENT-NET-AP-CN, China); 23.98.101.63 port 443 (MICROSOFT-CORP-MSN-AS-BLOCK, United States); 10 other IPs or domains
          signatures: Creates multiple autostart registry keys; Loading BitLocker PowerShell Module
          cmd.exe -> ARP.EXE, conhost.exe (Performs a network lookup / discovery via ARP)
          WMIC.exe -> conhost.exe (Queries sensitive network adapter information via WMI, Win32_NetworkAdapter)
          cmd.exe -> ipconfig.exe, conhost.exe
          cmd.exe -> ROUTE.EXE, conhost.exe
      powershell.exe -> conhost.exe (Loading BitLocker PowerShell Module)
      tapinstall.exe -> conhost.exe; drops: C:\Users\user\AppData\...\tap0901.sys (copy, PE32+); C:\Users\user\AppData\Local\...\SET48D1.tmp (PE32+)
      8 other processes -> conhost.exe (x3), 10 other processes
    cmd.exe
      signatures: Uses netsh to modify the Windows network and firewall settings; Uses ipconfig to lookup or modify the Windows network settings; Performs a network lookup / discovery via ARP
      hcvci.exe
        network: sk.2x5.xyz = 51.222.46.100, ports 49690 and 9166 (OVH, France); 49690 is in the ephemeral range, so 9166 is presumably the listening C2 port
        signatures: Creates multiple autostart registry keys; Tries to detect virtualization through RDTSC time measurements; Tries to detect sandboxes / dynamic malware analysis system (Installed program check); Potentially malicious time measurement code found
      conhost.exe
svchost.exe
  drvinst.exe (x2)
    drops: C:\Windows\System32\...\tap0901.sys (copy, PE32+); C:\Windows\System32\drivers\SET5235.tmp (PE32+); C:\Windows\System32\...\SET4B42.tmp (PE32+)
    signature: Accesses sensitive object manager directories (likely to detect virtual machines)
svchost.exe
  signature: Changes security center settings (notifications, updates, antivirus, firewall)
  MpCmdRun.exe -> conhost.exe
8 other processes
  signature: Modifies the DNS server
  LetsPRO.exe (x2)

Reading the tree: the TAP adapter driver (tap0901.sys, installed through tapinstall.exe and drvinst.exe), LetsPRO.exe and the netsh/ipconfig/route/ARP activity are consistent with a VPN client installer, and they account for most of the sandbox signatures, including the firewall and DNS changes. The branch that is not a VPN installer hangs off letsvpn-latest.tmp: cmd.exe launches hcvci.exe from C:\Users\Public\VSTelem\, and hcvci.exe is the process the graph ties to the sk.2x5.xyz lookup and the connection to 51.222.46.100:9166, to the autostart keys and to the RDTSC and installed-program sandbox checks. That branch is the Blackmoon/KRBanker payload the reporter's comment refers to, and it is the one to hunt for; the installer's own firewall and DNS modifications are weak indicators on their own.

Verdict: inconclusive
YARA: 4 match(es)
Tags: Executable PE (Portable Executable) PE File Layout Win 32 Exe x86

Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2025-09-18 02:04:04 UTC
File Type: PE (Exe)
Extracted files: 815
AV detection: 11 of 36 (30.56%)
Threat level: 5/5

Result
Malware family: blackmoon
Score: 10/10
Tags: family:blackmoon banker defense_evasion discovery execution persistence privilege_escalation spyware trojan upx
Behaviour
Checks SCSI registry key(s)
Checks processor information in registry
Gathers network information
Modifies data under HKEY_USERS
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: PowerShell
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Drops file in Windows directory
Drops file in System32 directory
UPX packed file
Adds Run key to start application
Checks installed software on the system
Network Service Discovery
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
Drops file in Drivers directory
Modifies Windows Firewall
Blackmoon family
Blackmoon, KrBanker
Detect Blackmoon payload
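The sandbox signatures (netsh firewall changes, Run keys pointing at a suspicious folder, the hcvci.exe connection to sk.2x5.xyz) and the behaviour tags above ("Adds Run key to start application", "Executes dropped EXE", "Modifies Windows Firewall") describe what this sample leaves on a host. The following is an added example, not MalwareBazaar's or any vendor's code, that turns those reports into hunting logic and runs it over Sysmon-style events. The indicators are copied from this entry; the event records are constructed for illustration with Sysmon's field names (EventID 1, 3, 13, 22). The SUSPICIOUS_DIRS list, the Run-key value name, the netsh command line and the LetsPRO.exe install path are this example's own choices and do not come from the page.

```python
"""Added example, not MalwareBazaar's or any sandbox vendor's code: turn the
artefacts reported for this sample into hunting logic and run it over
Sysmon-style events (EventID 1 ProcessCreate, 3 NetworkConnect,
13 RegistryValueSet, 22 DnsQuery; field names follow Sysmon's schema).
Indicators are copied from the entry; the events at the bottom are constructed."""
import re
from typing import Iterable

# --- indicators taken from the entry --------------------------------------
SAMPLE_SHA256 = "34a87671d9a7225ad9aafdca0bdff858b9ae1c8fcdf834c505268507052a7a80"
IOC_SHA256 = {SAMPLE_SHA256}
IOC_DOMAINS = {"sk.2x5.xyz"}
IOC_C2 = {("51.222.46.100", 9166)}            # hcvci.exe -> sk.2x5.xyz (OVH, FR)
IOC_DROP_DIRS = (r"c:\users\public\vstelem",)   # hcvci.exe drop folder; page elides the subfolder, so match the prefix

# Folders treated as suspicious for execution and for Run-key targets. This list is
# this example's own choice, in the spirit of the Sigma hits on the page, not the rules' list.
SUSPICIOUS_DIRS = (r"c:\users\public", r"\appdata\local\temp", r"c:\programdata", r"c:\windows\temp")

RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)
SHA256_RE = re.compile(r"SHA256=([0-9a-f]{64})", re.I)
PATH_RE = re.compile(r'"?([a-z]:\\[^"]+?\.(?:exe|dll|bat|cmd|ps1))"?', re.I)


def _in_dirs(path: str, dirs: Iterable[str]) -> bool:
    p = path.lower()
    return any(d in p for d in dirs)


def check_event(ev: dict) -> list[str]:
    """Names of the rules this one event triggers (empty list if none)."""
    hits: list[str] = []
    eid, image = ev.get("EventID"), ev.get("Image", "")
    if eid == 1:                                  # ProcessCreate
        m = SHA256_RE.search(ev.get("Hashes", ""))
        if m and m.group(1).lower() in IOC_SHA256:
            hits.append("known_sample_hash")
        if _in_dirs(image, IOC_DROP_DIRS):        # the Blackmoon drop folder itself
            hits.append("blackmoon_drop_path")
        elif _in_dirs(image, SUSPICIOUS_DIRS):    # generic "Execution from Suspicious Folder"
            hits.append("execution_from_suspicious_folder")
        if image.lower().endswith("\\netsh.exe") and "firewall" in ev.get("CommandLine", "").lower():
            hits.append("netsh_firewall_change")
    elif eid == 3:                                # NetworkConnect
        if (ev.get("DestinationIp"), ev.get("DestinationPort")) in IOC_C2:
            hits.append("c2_connection")
    elif eid == 13:                               # RegistryValueSet
        m = PATH_RE.search(ev.get("Details", ""))
        if (RUN_KEY_RE.search(ev.get("TargetObject", "")) and m
                and _in_dirs(m.group(1), SUSPICIOUS_DIRS + IOC_DROP_DIRS)):
            hits.append("run_key_to_suspicious_folder")
    elif eid == 22:                               # DnsQuery
        if ev.get("QueryName", "").lower().rstrip(".") in IOC_DOMAINS:
            hits.append("c2_domain_lookup")
    return hits


def hunt(events: Iterable[dict]) -> list[tuple[str, str]]:
    """(rule, image) for every rule hit, in event order."""
    return [(rule, ev.get("Image", "?")) for ev in events for rule in check_event(ev)]


# --- constructed telemetry (paths, Run value name and command lines are made up) ----
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\user\Downloads\letsvpn-latest.exe",
     "CommandLine": r'"C:\Users\user\Downloads\letsvpn-latest.exe"',
     "Hashes": "MD5=2574c7439e3390a9ae330d40c3e46124,SHA256=" + SAMPLE_SHA256.upper()},
    {"EventID": 1, "Image": r"C:\Users\Public\VSTelem\hcvci.exe",
     "CommandLine": r"C:\Users\Public\VSTelem\hcvci.exe", "Hashes": "SHA256=" + "0" * 64},
    {"EventID": 13, "Image": r"C:\Users\Public\VSTelem\hcvci.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\VSTelem",
     "Details": r'"C:\Users\Public\VSTelem\hcvci.exe"'},
    {"EventID": 22, "Image": r"C:\Users\Public\VSTelem\hcvci.exe", "QueryName": "sk.2x5.xyz"},
    {"EventID": 3, "Image": r"C:\Users\Public\VSTelem\hcvci.exe",
     "DestinationIp": "51.222.46.100", "DestinationPort": 9166},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh advfirewall firewall add rule name=LetsPRO dir=in action=allow", "Hashes": ""},
    {"EventID": 1, "Image": r"C:\Program Files (x86)\LetsPRO\LetsPRO.exe",   # VPN client: no rule fires
     "CommandLine": "LetsPRO.exe", "Hashes": "SHA256=" + "1" * 64},
]

if __name__ == "__main__":
    for rule, image in hunt(SAMPLE_EVENTS):
        print(f"{rule:32} {image}")
```

Two things worth knowing before pointing this at real telemetry: the execution_from_suspicious_folder rule also fires on the installer's own extraction under %TEMP% (Inno Setup unpacks there), which is the same noise the "Execution from Suspicious Folder" Sigma hit represents on this page, so treat it as context and let the drop-path, Run-key and C2 rules carry the weight; and the C2 match is on the IP:port pair and the domain, so a sample that rotates either one slips past it, which is why the drop folder and the autorun value are kept as independent rules.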
Unpacked files
SH256 hash:
34a87671d9a7225ad9aafdca0bdff858b9ae1c8fcdf834c505268507052a7a80
MD5 hash:
2574c7439e3390a9ae330d40c3e46124
SHA1 hash:
ff28ba1befdc619220efc4e5d852b6988b39b1e4
SH256 hash:
df0ba7784c9e2ed9cad396440092207a42ecbc1d72016d5ec5d7a9c1be96326e
MD5 hash:
1674331d0cc49def5dc15ed621048c80
SHA1 hash:
9022f9cc4d9fa3b083c044f9922e9ec57fc6e10c
SH256 hash:
ac85ab06c243bb01f657ac7a241d8109905ea5fa56244fc0aa04ba74134ff98d
MD5 hash:
a31551fec0f5764987d21146dc7f5e75
SHA1 hash:
bca9112b8da3727c0790f83487b22a5f270b186d
Detections:
SUSP_NullSoftInst_Combo_Oct20_1
SH256 hash:
9f8bdfd4261b25f3486ebea97830760c0a0267fc40cc529ea6aef1980b4415c0
MD5 hash:
7efad5ea4033d2a04ff76730102cec13
SHA1 hash:
6e67c63c3e5fc577ae84e90c0ea908d9798ddc92
SH256 hash:
a4c86fc4836ac728d7bd96e7915090fd59521a9e74f1d06ef8e5a47c8695fd81
MD5 hash:
4ff75f505fddcc6a9ae62216446205d9
SHA1 hash:
efe32d504ce72f32e92dcf01aa2752b04d81a342
SH256 hash:
4dc09bac0613590f1fac8771d18af5be25a1e1cb8fdbf4031aa364f3057e74a2
MD5 hash:
0ee914c6f0bb93996c75941e1ad629c6
SHA1 hash:
12e2cb05506ee3e82046c41510f39a258a5e5549
SH256 hash:
44b8e6a310564338968158a1ed88c8535dece20acb06c5e22d87953c261dfed0
MD5 hash:
9c8886759e736d3f27674e0fff63d40a
SHA1 hash:
ceff6a7b106c3262d9e8496d2ab319821b100541
SH256 hash:
23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6
MD5 hash:
192639861e3dc2dc5c08bb8f8c7260d5
SHA1 hash:
58d30e460609e22fa0098bc27d928b689ef9af78
SH256 hash:
89a82c4849c21dfe765052681e1fad02d2d7b13c8b5075880c52423dca72a912
MD5 hash:
b7d61f3f56abf7b7ff0d4e7da3ad783d
SHA1 hash:
15ab5219c0e77fd9652bc62ff390b8e6846c8e3e
SH256 hash:
dfb3bb98cfe620841fbf2a15aa67c1614d4746a2ea0e5925211de1fee7138b38
MD5 hash:
bf2bbecd323865428aa9c919c81def68
SHA1 hash:
b74c6ef70d5ec4f28eaa706e55aaf852059b6077
SH256 hash:
91ce4d5a441d881e26fcf54b4c7336645b05df660b880891c6ddba55c196ab76
MD5 hash:
12243abea00188411b0fb864c28108b7
SHA1 hash:
76001c920001cdb356248007ca6959fd8b0b5368
SH256 hash:
ca139f28e593eedfaa71f66cbd5306591a91f8b3ecf3423a592892007db18967
MD5 hash:
348277aecf060ce26cc6032396a22d1b
SHA1 hash:
70116c52fe474f951f675164c5e7ce64a7e87c67
SH256 hash:
1ce872ed466a8a3466c808a7babf3b597ec12e1cb84870e7a0cf00b2f5ef6df4
MD5 hash:
c848a2f5fa5feaa71409795e8e8c69d0
SHA1 hash:
9074f5b0ca107ab915164f790533bd672048c7b4
SH256 hash:
a59667cc2ddcbb0525bb748ce6f5d917cdb50e7480ea4cb84719544fe2d551c1
MD5 hash:
23f13dcba43f49aa4a1a67a9b9be9245
SHA1 hash:
8f64b339e9718fc31f65b5abd2aeba39f223a7c8
SH256 hash:
63d50dbe094bbce5d7bf8af08c0d919cfa5e057ca05ae7b27704a8477c8b348f
MD5 hash:
2ace85429eee9e8320c82d878e5562b4
SHA1 hash:
77ed8b89210930d1de2495ba363519b696d0b6e2
SH256 hash:
4a2438ecfcad3e6e7bb942acf2c40fbe2c0d72e4982df303ab5828af26ca753e
MD5 hash:
810105219d96749674c5bf31c82a3b09
SHA1 hash:
0de6e8b9834b4bb742e8ca90bdb02019a355a422
SH256 hash:
e597d9dd3e6bcf2e591a99b290d79005b01d3898185af4f07250c95b88c1dd6f
MD5 hash:
d3112f62cfa346a6b2559be6ef3ac864
SHA1 hash:
b747c3a66e1f31e00a517c4fda35aeaa3ddbcb2e
SH256 hash:
f81ba0dd987d46a67b1879ef4ee11c14f32940ff211eace347a68e42bf272554
MD5 hash:
2e77f841dbf271fd1ffc460bfd87a1d5
SHA1 hash:
18125861f0519cdf643560c0a988bf70c87d47b3
SH256 hash:
4ff9c980c3ab7c7ac48d44b019aa9a71609a1cfffd022d277065ff0b7f4f13a9
MD5 hash:
8e0935b9f7a2326c450e5636e12a8495
SHA1 hash:
bafe0b720049d60762b7312479fdb29d3da04e7b
SH256 hash:
684a90aec93be882cfc4cf1525d2ce8b2aa4232095f6e3a7af655e1c548b7a28
MD5 hash:
0b67fcbcda9452cd53f2c38dd8650dc7
SHA1 hash:
fb6a9050eb3860dc2b046149e26539e4b52d428d
SH256 hash:
8b07dc7227cf0399d9beda46a18bde77d57f81b06e336e021c90ed7c893d725d
MD5 hash:
9d4439cf4470312a96d6544c44cb212b
SHA1 hash:
31604834d7b5a0da53a5ef36f2484ca8b72cfaab
SH256 hash:
442e3caadfdfc920d81d5323cfeef0e8566ab374375c7f1e4d5b7831c4fd901f
MD5 hash:
b988f80655d26d20d4e45ca1dbaf8bc5
SHA1 hash:
19eb4608667a4da886ad67617cfcc29e3afd92ed
SH256 hash:
53c95fa5740730294805c5a54639aa67d481c57c14c025bbf60c21a1ea007a0f
MD5 hash:
c6a7383826df4f315997f1ae4f0fca70
SHA1 hash:
c05a9f93c84304fd564640b61f050641850e6736
SH256 hash:
b4787d3ba3f052aab344dc8ef499df93778c15bd21bcae917f4bbc27be8ed3ce
MD5 hash:
f3a0b30420e762ca7d029a36c66f67da
SHA1 hash:
61488100d168cac12eba9141b0b507bc542b63fa
SH256 hash:
f3b14defbd05493b8573016b08b86e5b5d53b486b0457fd75f67bf8bff04be38
MD5 hash:
6a3b9e46c41e42e7b8e1479468d892af
SHA1 hash:
e31c05ae685e51d07808b1dd24ceced9d299ed81
SH256 hash:
9b7079ccdf1e7b446f2300e513cda80334628d6c1258405e06a434727a819f7e
MD5 hash:
cf01542440e76d919236fb46321f17e4
SHA1 hash:
d770888ef8a59d885731f6e4ee2f0414c469ef71
SH256 hash:
45134be6f92f49e30625349c8dbaa2e307f07f03961eb0cac4bd4c97383f650f
MD5 hash:
d5377aa8b9b27902ff86132c9a7cb5c9
SHA1 hash:
b4075457e6dd45683e20f1774892e152b86c9952
SH256 hash:
7648b3c6fe244420b02ad9f578c4b9302964ab6999f2aaca7b5f69586da6d612
MD5 hash:
4f939bd788d87880419a6918b2f7b68a
SHA1 hash:
a7f35e6b3ce8af1775168b7123ada4f1b078e697
SH256 hash:
88e79c4218ae7c0914aa1db372926f3c0951071839e4b364251797509203e661
MD5 hash:
4d0c6b104b83ee00d34d244ed3259d5f
SHA1 hash:
4ab118d0e77c5ca31571c8e87a2f1e9802be0a2e
SH256 hash:
df93465a7b3a3fb26e4ce3208b6d65b9d1798891c6fc20bd9e318865cc170277
MD5 hash:
722e4db5045afe393a672fe1bc0e63bb
SHA1 hash:
68c14af3ab488bdd84ea37a96e73ea43c04d16ac
SH256 hash:
cdee95384abd85f682ab93a6033bbb10787b96dc53cc22a3bf4e4901f77b713a
MD5 hash:
f5c83bb2ef3b4568869459dbfdd50855
SHA1 hash:
bd32c4670f80aa99c6e53bbc5456585dc0589912
SH256 hash:
69fe41559951345d056ff432785bc234d02cad6e0fcd007ed9be7953b32c560c
MD5 hash:
56692d6a0c6b583d2cc3006a6c6c431f
SHA1 hash:
69340eac05b5bf58ef5a0b0e9b8127a5e933437c
SH256 hash:
9319068691713550060034c4f4f7442e41a4a1f36e67e6d1014370d6980f0369
MD5 hash:
37e4f602718d6da9245d6858c85e2a8d
SHA1 hash:
998e648df87dc4cab1f20336785c3be3e78e767b
SH256 hash:
90cfc73befd43fc3fd876e23dcc3f5ce6e9d21d396bbb346513302e2215db8c9
MD5 hash:
dc80f588f513d998a5df1ca415edb700
SHA1 hash:
e2f0032798129e461f0d2494ae14ea7a4f106467
SH256 hash:
d67ebd49241041e6b6191703a90d89e68d4465adce02c595218b867df34581a3
MD5 hash:
6cd3ed3db95d4671b866411db4950853
SHA1 hash:
528b69c35a5e36cc8d747965c9e5ea0dc40323b8
SH256 hash:
a08c040912df2a3c823ade85d62239d56abaa8f788a2684fb9d33961922687c7
MD5 hash:
c8f36848ce8f13084b355c934fc91746
SHA1 hash:
8f60c2fd1f6f5b5f365500b2749dca8c845f827a
SH256 hash:
7744c9c84c28033bc3606f4dfce2adcd6f632e2be7827893c3e2257100f1cf9e
MD5 hash:
7546acebc5a5213dee2a5ed18d7ebc6c
SHA1 hash:
b964d242c0778485322ccb3a3b7c25569c0718b7
SH256 hash:
032d38bb6487768f96fe578f353aa98c3dfbc27e484f1c7500e6ddf7e9c062db
MD5 hash:
9cef6428a76dc2652c5a09794507539f
SHA1 hash:
8a8899b13f02fb24f4f993a5ef0474de3b243db9
SH256 hash:
c4d5f27d397b627a66b385a571f63b327f086b0c10eadd90ada70474097443c7
MD5 hash:
c29d753ab575ba590dee09d9951fe391
SHA1 hash:
06514982da9ebd5a13d13808abbc475260b0b566
SH256 hash:
96dd4ca59c9b24f381d585defda8759a33760dacb1d8ae8db887ea727bf049c7
MD5 hash:
67176b46f5ad635a32b842abfa9f91a9
SHA1 hash:
0903955291448850074f9230dfb087fedfe74f59
SH256 hash:
f145a9091435a7499fb3b15ee202c192b27484ffb2d61932bae01a849aa042c4
MD5 hash:
1a0d59997741a4206bbb729e770cf1c1
SHA1 hash:
bdf6c86b3cfbea0818913bea416b2fd67d764574
SH256 hash:
5f8a73955c99ad3b370bec13fc037a80260e4b25dadf2607e642c20b0fbd0057
MD5 hash:
f04d280294d19178131f4f77a6af7afb
SHA1 hash:
6a5bb874d8b7f28821a11822db8f3c8dfda9eb97
SH256 hash:
8b8393db3da5d00535dd259ba2adfd1e76cd2fc2cbfaa170207cbad514b3895b
MD5 hash:
998fed74ff2d4f7600c68f7da997fc16
SHA1 hash:
739f44c91f26b35e3f5cb27eb092bbc8d523c3b9
SH256 hash:
a123485502527a230c9363cdd419c4056f350c9f3867fb309898a725bec801ad
MD5 hash:
fdb2d1ff9b91ffe62047856cf6ac98c7
SHA1 hash:
7c8a94febffb90fb73a0e906d377f508ddb77841
SH256 hash:
3d2ed8e186f124f988ebdb45d0354185b424357be2433bba0033ab9ec31bd25b
MD5 hash:
26cbe846decab0836717301f0bc6ec0e
SHA1 hash:
a3902cfce95dd0756bcd22c51dbf9e69b1205be8
SH256 hash:
1ac26220d62c98a62129aa9d92d9011edf930d5ed49bcd3d209df4d204a4b2bf
MD5 hash:
40d6cb7ca91ed54b50b2b455972ab1f8
SHA1 hash:
29fbfec4aba1c6857d903b4e98a0aba0161896d1
SH256 hash:
97a9f37f5701b19bb89503bf708b5b93a2426c176292d84778a63c3005afb460
MD5 hash:
20a73d16e6cb948646890711b8613266
SHA1 hash:
3c4ab0ce56ffba52680c3c1735227eec0a02a214
SH256 hash:
14c162a7c0dd68a9913ab0dcc87678d207c87888a2b657710e4db4bf83e0559d
MD5 hash:
2623108f7f74d2d4f71f41a8c64e2b84
SHA1 hash:
1dbac50e3ff49981d20bdf4757d6b515dba0f1d2
SH256 hash:
b3da9268ac606fb39e7094e2203a5a30af2b681d98824ccecaee80462ca0f03a
MD5 hash:
ed26bd2e7a69fc2b65d60f9265b2eda1
SHA1 hash:
93eed8d96d1548bd4bdc0e722e6318a1db41048c
SH256 hash:
21d9b05a5c703f6754b8fbd6e3d0d58fc6dd31215d1118af64d4305f7d92d585
MD5 hash:
c549482f392b4a426d293121bd26ebe2
SHA1 hash:
cd30ba0c9b94b2d8453e94614bac8f9943f6e01c
SH256 hash:
9e2b2981784487460247043e38ef3d6bcdfef8cea96c5903cfd4c6710d00e5e0
MD5 hash:
19d8eb36a06c77fd653ccf4fa377f9c5
SHA1 hash:
9b59231bd560efdde422e16237d27e238b544753
SH256 hash:
9863a8ca0fd55fdf1de8d64cb89d034fc009a58220d45c5f4f83c6cdd0c5cbfd
MD5 hash:
bbea7769de6a008c3156141c52fdc18e
SHA1 hash:
7d9f90e8da62f9834f532e9a0aba54969c14ec28
SH256 hash:
d838c40848daf87743e96d42f8db18bb66a0b27cff5a48926a85a61c2d3e05b9
MD5 hash:
0bfef61b203054f6fbf08419ffe3f018
SHA1 hash:
ed9d0418507630996eb2c473ec5daf11d185c2c6
SH256 hash:
9f1533b23bfc95aaabcd9bc9c09673c7457e7cfc0cc38589e0e198829cd274d0
MD5 hash:
31bb7d830aa8a5074ceab4f1fc386254
SHA1 hash:
cd4a135e89ad9a472996c933616f5307bee02066
SH256 hash:
77a5d1619f9f07262e8ce98bb235ff961fafcecd3335922372de65cdd8877c4d
MD5 hash:
2e71c6394a6ab152139e2977c48440ff
SHA1 hash:
d4557ed90d8ac11606e0f36aea100bffcb5b3540
SH256 hash:
7c5e02a9c97196203defa3a4225cb35ac9b55df6567cb828d5302627733bd107
MD5 hash:
20bc40896204571d594cb72baca59a6e
SHA1 hash:
1c44e396b5236b9965b1b1c392ad9a4ae1b67a18
SH256 hash:
654b227b465946cd29d28877f915fbe6018634ef24e1436ebc163fce078d7563
MD5 hash:
5a016aedd7b9964f5fad2e0576acc218
SHA1 hash:
179bd6d735ace0391c301101bf5a6eafd39c7697
SH256 hash:
9030de8fd918cf5aebdb6634537db1df111bea3808ab7fd77dc71630747be4f0
MD5 hash:
b2d5332209a01fa064e3fcc01be0da85
SHA1 hash:
949a59c106faf0bcdfd22aae93f57f15a034c4c8
SH256 hash:
8e3b0b1ca9338ede77abfd7ceddbe9427fef69cc70e3698a52b87b3e70270dce
MD5 hash:
dd92138cbcccc7008e8fffc806c8cc9c
SHA1 hash:
056af811010e290980bf991aecda27705160a4fb
SH256 hash:
46ef947b9f5c2bb4dbac39bfab117a257b81928d14636ae037d18ff7987170bd
MD5 hash:
26d7c945b76f91f94d31cb8da41dbb72
SHA1 hash:
d7ee94a83b8a82cc61e5e49bb93d9246afedb604
SH256 hash:
8d32110904072d68920362d707aa748192a3aa6133e7ae44f369365512cc6c8e
MD5 hash:
fc65207cedd77e0eb4a1bed6f9a775f8
SHA1 hash:
7834979598f6d13ed48b48d14fe9c271b6ef93fb
SH256 hash:
e152a2e05114ee7f1d4d6933723722588551b817fc3baccd76451c0a487528ed
MD5 hash:
e5895856a6964160ba40c1a6a34e00ae
SHA1 hash:
6448042bc294ad5a40238c60876d9647c0687a73
SH256 hash:
cb6b6f352042d12c2117cacee053d99655beca8421a2d612ee1946de74682841
MD5 hash:
0380523c3793abb53359e212e9984c4e
SHA1 hash:
57a6b98e14f8a078cb1c63e2be71e4ec6d42351b
SH256 hash:
f437bc5f0aa9f3ebc8403fa4d5bbe22c6e5e346e00e3390b65772ee19e0d09f1
MD5 hash:
143826fedf607a924290ef997542f6d1
SHA1 hash:
d5f6044f8c1d48f98d5e99d1c67a143e7ee1caba
SH256 hash:
7735ad9b8eeec4d4f18fc44f0120ea0bf5f5296a99caeaed65478cd1fac33183
MD5 hash:
251792b503c1376eda3f97c5d0a8b432
SHA1 hash:
edaa083e936cc20f6cbc5b3dca330ac40e706c87
SH256 hash:
c7a4f70bbf090463023d2481d2a3b6e40c313beda22bbdea86dab287f5d0b0e6
MD5 hash:
c83400a9b03dfe052c72797336d80b87
SHA1 hash:
6bc0b39565f51fb92a1bd2ce44a02fda27edcdee
SH256 hash:
e55f88c76993d2f961443b22dbdc2f759e3127790d9b380c35e150b172b9bb64
MD5 hash:
347cd679a0255ef872a0a781342de127
SHA1 hash:
7847343d9a880d601d807039c4c4e2c579f1674f
SH256 hash:
4a14fa56abb39e63e25d380a17c32714f1a064b7c90ec3fb2f5fe7e0a07d0f05
MD5 hash:
70afd43f46a101e1666732dcf7cac48b
SHA1 hash:
dbfb1190ec2b799a5f1ae54bbaac28ec0a4a3419
SH256 hash:
ef6b3ab6c53f0b1bacae6311f79b3a486467e443ef3aced83f61c2f472f03a8d
MD5 hash:
66869a7dd08444ce42349b0bebca8ab3
SHA1 hash:
414be4741a3bffa92f142ccb7b87198e61e517b5
SH256 hash:
307bed6b7e85e600a83e4fc3d2ab1c3e85b43a89d160b442db36513c4d609305
MD5 hash:
d78eb4c36186bd1b18633054c60356e8
SHA1 hash:
77905eaa8055c4ad92f48921165284b8c7167145
SH256 hash:
447497df813895b1062717e6b3ee52726d688a93bb3770b78da19812cb1bc727
MD5 hash:
148b55a572c51c99e121b6116c3f2561
SHA1 hash:
67da3ec10e57c0ac04db8191f7f1f89f7c3ba27d
SH256 hash:
826fbc27fe80fcb37576cebfaccfb0fb58caba2f99abe5b06360115be8497e90
MD5 hash:
eaca6b725cd5319a33c1a6f8ce87f9cd
SHA1 hash:
91ce70b3785056f560af3d2290c34dd51bbe0e15
SH256 hash:
19c5ad815e72377f1c07b187b53b2576c355f317eb7e3131554403c951d8d125
MD5 hash:
cb6d0cedadfc67f8a9bf02f47e0ea6b1
SHA1 hash:
ada21e9c6c5dc10a73966c8afb552d7bfdc028cb
SH256 hash:
d5235265564f0bfd23b7279d7bdccc9ea6383ed07c5d0bfdf6c99029af9a2c0c
MD5 hash:
1d3dd9fcc077e6b4f88c05b9aef53ee6
SHA1 hash:
12b33858bc84f54b8aa8dbcb5a0ec2da043a6f66
SH256 hash:
b86651162384248bfb167a49d440c2e580eb4f68a0680f22218fce6ed447f2df
MD5 hash:
41ce0f0bf4986c5c6a9e6711562aeed6
SHA1 hash:
e17edca90706df7178fc3b921fe1c0a8a34e596c
SH256 hash:
582f376e8448d01a0ed433906e09e51c4aacbfbcba07099b7538f545c8e85cd5
MD5 hash:
104468bb5797de3adb52ac66d6a751d3
SHA1 hash:
39b712989e78c180d3d1f683b8367feaaed7e034
SH256 hash:
1e02248fc226f1813f9a473aaf8dc9bd264101a6e371ddb73e145c0949834d47
MD5 hash:
4b874a3043d5e3c133f4c35863159638
SHA1 hash:
3a7d21700497d81c41193544b7ea913032d0aa82
SH256 hash:
a596d088ee4f29185441fe319d213de15b6a4f0335490d6fb4c3a34633ba5557
MD5 hash:
06082d584092c2fd86e236cd7e4ab373
SHA1 hash:
44e32a23f2b335e88f2f06e6e93f14697e476cba
SH256 hash:
cc927d8e2ad4718ab95cd000ceb6ff66a5e946e912a1b45f4a5047a920ea7abb
MD5 hash:
345387015bbbdf8d45187868d6ddb6bb
SHA1 hash:
d41dd3e44f4af8c99d5fcb9570ff207f7ccaa296
SH256 hash:
0704b6e175f62d3d89c307a9c3c9f68739af9be3bb73e4b12d9caa6f513310b0
MD5 hash:
9b84eee8443984cf2c63f46cda6e9858
SHA1 hash:
a7d279f024bc53aeab8d36b3f88a196f5de06a9d
SH256 hash:
f9b8513f35beb0aee22507455da63bfebd9973734256b5a72dab37c9b9f1d836
MD5 hash:
02e06a61281bd3082e31e4099e04d403
SHA1 hash:
3ebe20d71bfb4eed250fad3175c11578d5dc8105
SH256 hash:
5f5f8783fafb5f2372c84e3b11324d773109cb1c0721fed6aeebe7d8aff5e4fd
MD5 hash:
472754b5aafbefb8b2cf02f8612f1b9a
SHA1 hash:
82a85de00b09a78ef02a4de84cced96fe6a54065
SH256 hash:
e72254cd64e957daba137d027faab9df40412aea1696f5f2fa42e4d954c6d815
MD5 hash:
f137e1701f8d7ad7155ef9f27eb71bc4
SHA1 hash:
d116bd67874175b2b890b941743d54421e96b7e7
SH256 hash:
ae0372005896fc27fdbec72997340e0a1e7753afaa805982104fb3abea465402
MD5 hash:
d5a6e5a2b1040e944166fb139e45ea4a
SHA1 hash:
4303f4f936ce84d1861bdcc1c743b2d6619915ff
SH256 hash:
7cae36ed3ab2aa27d3dd0a17d74b298505852ed4dc7d5dcf07cdc9ae37e523b1
MD5 hash:
3ba6686e445b3a3957d15936e1f38584
SHA1 hash:
4d4ae999f7f842dd64f99f83bc00b07dc7519995
Detections:
BlackmoonBanker INDICATOR_EXE_Packed_VMProtect MALWARE_Win_BlackMoon
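The list above is long enough that nobody should retype it, and its first record is the submitted file itself (the same SHA256/MD5/SHA1 as the entry header). Below is an added example, not MalwareBazaar's code, that parses the list in the exact layout the page uses (a "SH256 hash:" / "MD5 hash:" / "SHA1 hash:" label on one line, the value on the next, an optional "Detections:" pair after the record it belongs to) into validated records, so the hashes can be handed to a blocklist or a bulk lookup and the files with YARA hits picked out first. SAMPLE_TEXT is three records copied from the list above; the only assumption beyond the page is that "SHA256 hash:" spelled correctly should be accepted as well.

```python
"""Added example, not MalwareBazaar's code: parse the "Unpacked files" list into
validated records. Labels are matched as they appear on the page ("SH256 hash:",
"MD5 hash:", "SHA1 hash:", "Detections:"); "SHA256 hash:" is accepted too.
SAMPLE_TEXT holds three records copied from the list."""
import re
from dataclasses import dataclass, field

HASH_FIELDS = {            # page label (lower-cased, colon stripped) -> (field, hex length)
    "sh256 hash": ("sha256", 64),
    "sha256 hash": ("sha256", 64),
    "md5 hash": ("md5", 32),
    "sha1 hash": ("sha1", 40),
}
HEX_RE = re.compile(r"^[0-9a-f]+$")


@dataclass
class UnpackedFile:
    sha256: str
    md5: str
    sha1: str
    detections: list[str] = field(default_factory=list)   # YARA rule names, may be empty


def parse_unpacked(text: str) -> list[UnpackedFile]:
    """Walk 'Label:' / value line pairs. A SHA256 label opens a record; a Detections
    line attaches to the record before it. Unknown lines (headings, notices) are
    skipped. Raises ValueError on a malformed hash or an incomplete record."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records: list[dict] = []
    i = 0
    while i + 1 < len(lines):
        label, value = lines[i].rstrip(":").lower(), lines[i + 1]
        if label in HASH_FIELDS:
            fld, n = HASH_FIELDS[label]
            v = value.lower()
            if len(v) != n or not HEX_RE.match(v):
                raise ValueError(f"bad {fld} value at line {i + 2}: {value!r}")
            if fld == "sha256":
                records.append({})
            if not records or fld in records[-1]:
                raise ValueError(f"{fld} outside a record at line {i + 1}")
            records[-1][fld] = v
        elif label == "detections":
            if not records:
                raise ValueError(f"detections before any record at line {i + 1}")
            records[-1]["detections"] = value.split()
        else:
            i += 1            # not a label we know: slide one line and retry
            continue
        i += 2
    out = []
    for k, r in enumerate(records):
        missing = {"sha256", "md5", "sha1"} - set(r)
        if missing:
            raise ValueError(f"record {k} is missing {sorted(missing)}")
        out.append(UnpackedFile(r["sha256"], r["md5"], r["sha1"], r.get("detections", [])))
    return out


def with_detections(files: list[UnpackedFile]) -> list[UnpackedFile]:
    """Only the unpacked files that hit a YARA rule: the ones worth opening first."""
    return [f for f in files if f.detections]


def is_well_formed(text: str) -> bool:
    try:
        parse_unpacked(text)
        return True
    except ValueError:
        return False


# Three records copied from the "Unpacked files" list on this page.
SAMPLE_TEXT = """\
Unpacked files
SH256 hash:
34a87671d9a7225ad9aafdca0bdff858b9ae1c8fcdf834c505268507052a7a80
MD5 hash:
2574c7439e3390a9ae330d40c3e46124
SHA1 hash:
ff28ba1befdc619220efc4e5d852b6988b39b1e4
SH256 hash:
ac85ab06c243bb01f657ac7a241d8109905ea5fa56244fc0aa04ba74134ff98d
MD5 hash:
a31551fec0f5764987d21146dc7f5e75
SHA1 hash:
bca9112b8da3727c0790f83487b22a5f270b186d
Detections:
SUSP_NullSoftInst_Combo_Oct20_1
SH256 hash:
7cae36ed3ab2aa27d3dd0a17d74b298505852ed4dc7d5dcf07cdc9ae37e523b1
MD5 hash:
3ba6686e445b3a3957d15936e1f38584
SHA1 hash:
4d4ae999f7f842dd64f99f83bc00b07dc7519995
Detections:
BlackmoonBanker INDICATOR_EXE_Packed_VMProtect MALWARE_Win_BlackMoon
"""

if __name__ == "__main__":
    for f in with_detections(parse_unpacked(SAMPLE_TEXT)):
        print(f.sha256, " ".join(f.detections))
```

The parser refuses a hash of the wrong length or with non-hex characters rather than silently keeping it, because a mistyped or truncated hash in a blocklist is worse than a parse failure. Paste the whole list from the page into SAMPLE_TEXT to get all of it; the rule hits that matter for attribution (BlackmoonBanker, MALWARE_Win_BlackMoon) sit on the last record, the unpacked payload, not on the installer.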

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: botnet_plaintext_c2
Author: cip
Description: Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.

Rule name: CP_AllMal_Detector
Author: DiegoAnalytics
Description: CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

Rule name: malware_shellcode_hash
Author: JPCERT/CC Incident Response Group
Description: detect shellcode api hash value

Rule name: meth_peb_parsing
Author: Willi Ballenthin

Rule name: pe_detect_tls_callbacks

Rule name: pe_no_import_table
Description: Detect pe file that no import table

Rule name: ScanStringsInsocks5systemz
Author: Byambaa@pubcert.mn
Description: Scans presence of the found strings using the in-house brute force method

Rule name: shellcode
Author: nex
Description: Matched shellcode byte patterns

Rule name: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Author: malware-lu

Rule name: upx_largefile
Author: k3nr9

None of the ten public rules above is specific to Blackmoon: they fire on UPX packing, shellcode-style API hashing, PEB parsing, TLS callbacks, a missing import table and plaintext C2 strings, none of which is tied to a family. The family attribution for this entry rests on the vendor sandbox result (family:blackmoon) and on the BlackmoonBanker / MALWARE_Win_BlackMoon hits recorded against an unpacked file in the list above, not on these rules.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Blackmoon
Executable exe 34a87671d9a7225ad9aafdca0bdff858b9ae1c8fcdf834c505268507052a7a80 (this sample)

Delivery method: Distributed via web download