General

  • Target

    93c4ed64dc4c94a5ee75d3b71bcd05779e6144ad3e16801d0c7dd6edcf33727f

  • Size

    129KB

  • Sample

    221129-fwfxvaha39

  • MD5

    32ceef1cc2a15e91db6645b0e1c94b54

  • SHA1

    cf76717ac222d121d8ff7843627b1e31a21b8240

  • SHA256

    93c4ed64dc4c94a5ee75d3b71bcd05779e6144ad3e16801d0c7dd6edcf33727f

  • SHA512

    9385e85035d75519158123b8463c8f33599eef64bda32b526a5cd7ecd7b50a5bfaa1ccaba416ae1db08af344de64a98cc041a5dba9f724359c6336c23e3cfe2f

  • SSDEEP

    3072:Z+WNkNXcl6hRICWl3BmFGTd2ko7o1jzzX5mTout:Z+WNOnh6CWl3VMbS3T8ToS

Malware Config

Targets

    • Target

      93c4ed64dc4c94a5ee75d3b71bcd05779e6144ad3e16801d0c7dd6edcf33727f

    • Size

      129KB

    • MD5

      32ceef1cc2a15e91db6645b0e1c94b54

    • SHA1

      cf76717ac222d121d8ff7843627b1e31a21b8240

    • SHA256

      93c4ed64dc4c94a5ee75d3b71bcd05779e6144ad3e16801d0c7dd6edcf33727f

    • SHA512

      9385e85035d75519158123b8463c8f33599eef64bda32b526a5cd7ecd7b50a5bfaa1ccaba416ae1db08af344de64a98cc041a5dba9f724359c6336c23e3cfe2f

    • SSDEEP

      3072:Z+WNkNXcl6hRICWl3BmFGTd2ko7o1jzzX5mTout:Z+WNOnh6CWl3VMbS3T8ToS

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Modifies AppInit DLL entries

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Discovery

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Privilege Escalation

                      Tasks