General

  • Target

    cb828162dd083cf50a0c0e8a43b9d4a6ce54c0c6a12bf2e4bed364117b74d0c1

  • Size

    284KB

  • Sample

    230607-x8b8vsfe6v

  • MD5

    bf76d38a92d92b208c60c8a4004110c3

  • SHA1

    ccefd7aa5fcafc7dfb6d20e43b3640ab24871d2f

  • SHA256

    cb828162dd083cf50a0c0e8a43b9d4a6ce54c0c6a12bf2e4bed364117b74d0c1

  • SHA512

    9d360af90ea08351e84bbecd133f842688f75262376aab2fdadf7a0f8c34a0ab771cbfd1c6389a718714cba19d4c6f5f29d67e50acb0f9cdf4990d5a3f9e984b

  • SSDEEP

    3072:DGkl+FzE+m817lZ5U3VGSbWsSKXRu/+LjrEtECyqewTvDyRxeUB2JpC:DGkl+Fo87ljwVGSb9pL1Ctpy32Jp

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks