General
-
Target
fb05dd4a7f044f7e1cde8efb864f761c1e6a03e4dfd737dd52407dbf933f8bf3
-
Size
1.3MB
-
Sample
230619-yh9xwaha6z
-
MD5
0fff06edf52de0cc26c79ed7ed1b31e4
-
SHA1
984f1e94af2093a683ac387a356fcb7017bfff65
-
SHA256
fb05dd4a7f044f7e1cde8efb864f761c1e6a03e4dfd737dd52407dbf933f8bf3
-
SHA512
bea4f597566ca0dc3ce6931d32d616c93186d9dfc566047d64347661c9ac963190a19aa6c04862da6e4beb3a5944c4bbe53e8b0991a305c1ba60d8276263f686
-
SSDEEP
24576:Pm03NU1px3LX2pV5DN0AVHdD9BBkOunb+K1SEQTizWLzk0nzF:Pm0S1pynNvV9BBBkOC+E5eOW5
Malware Config
Targets
-
-
Target
fb05dd4a7f044f7e1cde8efb864f761c1e6a03e4dfd737dd52407dbf933f8bf3
-
Size
1.3MB
-
MD5
0fff06edf52de0cc26c79ed7ed1b31e4
-
SHA1
984f1e94af2093a683ac387a356fcb7017bfff65
-
SHA256
fb05dd4a7f044f7e1cde8efb864f761c1e6a03e4dfd737dd52407dbf933f8bf3
-
SHA512
bea4f597566ca0dc3ce6931d32d616c93186d9dfc566047d64347661c9ac963190a19aa6c04862da6e4beb3a5944c4bbe53e8b0991a305c1ba60d8276263f686
-
SSDEEP
24576:Pm03NU1px3LX2pV5DN0AVHdD9BBkOunb+K1SEQTizWLzk0nzF:Pm0S1pynNvV9BBBkOC+E5eOW5
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Downloads MZ/PE file
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-