General
-
Target
08dbd438e6da6ed529558bf13b17090346fc43c864aaa5981f4edabb15eb4e19.zip
-
Size
111KB
-
Sample
230517-ctnccsde29
-
MD5
88ac3b3c6c7f8c9a4d27e25bdee8a5dc
-
SHA1
455aff8bd4e1e918602120c9b60ff0ad158b7b19
-
SHA256
40de407398fe8b3b4aecb085bef960e077ba061f10a208099500e87e994775b6
-
SHA512
b6f2bf7e056ba4234341f8b2e8dfd58d567c272f9e1137a0fa3dc1e7c557a5a27e69f0a013425e90c868dcf6ef570a020d69125bf4b8ae35e97b0fe72d695db0
-
SSDEEP
3072:HF6ZVK7PyPhWqs98XQIvuPwTJsqrqRDmXWdEG1ABnryGMwBu:Hgo6RsyXQIvuGJsZRKmdEWAh1Tu
Malware Config
Targets
-
-
Target
08dbd438e6da6ed529558bf13b17090346fc43c864aaa5981f4edabb15eb4e19
-
Size
232KB
-
MD5
511ef2a273cf6aa9ed79a5ba1d20732a
-
SHA1
b2973d6fa4e44bbd23b0dd8a59023da51255091f
-
SHA256
08dbd438e6da6ed529558bf13b17090346fc43c864aaa5981f4edabb15eb4e19
-
SHA512
d8b7fde518e794f9d4066d548afd25fd2371300daa190572bd4c92306d0a637e5ae113b6cd29fdcb176c7ba7f60c0324a42a3d5423bd304e17c22d46a3592879
-
SSDEEP
3072:D3VmqeE1i0jbQEYvubUHVIHRvwtGyod8tEB1EpWtDiMNUavlm8+:D3VmqeE11jivGUHVUhyosGDiMb5
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-