General

  • Target

    a14848d5d7118fc5e265d956ac857703bb433b5b9b5029ae9ec38ab10d3b9e3c

  • Size

    2.1MB

  • Sample

    221002-zfgnzshhe7

  • MD5

    6b8f922e24b6953f1646942d1fbb5493

  • SHA1

    863747f5c00f71635ba9bc7ca7ed158e98852c6f

  • SHA256

    a14848d5d7118fc5e265d956ac857703bb433b5b9b5029ae9ec38ab10d3b9e3c

  • SHA512

    8e6991fce2939e1745d1d1dec8a0ef793706c22c4135c388a0662fd4f4355afa00ecd590b83e51a50ef295cf2536a9a3d060868de13496971e42ec33929c3028

  • SSDEEP

    49152:Zl8V/HfDl3v33vqkWo2+rZra+hciZvCOhRv:ZqZ/ZfnvZWo/5hciZvCO7v

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Blocklisted process makes network request

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix ATT&CK v6

Persistence: Bootkit (T1067), 1

Tasks