General

  • Target

    5a15bcdc3eb8604c2b7318e7fd6eb612a554c10bd3db43a8edfe9ada29497e17

  • Size

    47KB

  • Sample

    221123-xrmy2aag6z

  • MD5

    bc3b89ff961b17e7959f68eabb2eafa4

  • SHA1

    18194656b2458d8e12e98342ddbb5811da759fe6

  • SHA256

    5a15bcdc3eb8604c2b7318e7fd6eb612a554c10bd3db43a8edfe9ada29497e17

  • SHA512

    92cd62ec5f7c27df94a46497d8b311415c68ff394c7ef5a54130e0bdfd59c3309c41a7d44dfa728e9149fc4b6ce0d9e036086d88dad5fa37fcf3fe1a8f95f43e

  • SSDEEP

    768:+IDCKubA0FRe1EvvUe36jnZ7WklzEQJQnXP60IT7HUCt8QYvHaOKy90A12pNh1aX:VEU1EvvUVjcMzbJaP60ITUCGFv6ZuXwU

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
