General

  • Target

    tmp

  • Size

    1MB

  • Sample

    221130-gxvcasgc7v

  • MD5

    d510a3fab81eadcc39862b4db145a5e7

  • SHA1

    c50fde4474fdb945ee710caa37d7c1b134d1e5f1

  • SHA256

    68f90de160677b3d5e0d95b9948a292376c6530d2cc436ba1debb36b820b273b

  • SHA512

    f8a87b1e01818f31eaf3315151f4c89cb31bd0d17885aaff7fcec818fbefadead491e5145290b59e0886fbc0c7f6973ed716e07550d536e4e586f7acc6ce6b74

  • SSDEEP

    49152:ZdG/kvLHkfvj68gPgczsAQ8DXMH+/EZ6OpJD2oMat:PQeLHke8gPgGsAQkH/EUOpwoJ

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified UPX.

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks