General

  • Target

    c5513671884fc3e02c5812b2a0b1645b8b664c9fb97ca332bedd18c051e591e0

  • Size

    1.3MB

  • Sample

    230620-yclm4adh95

  • MD5

    cef823eb157b4fa0e8524ed48307f345

  • SHA1

    60d5405cbde42850c6d6f9fc5b7fe1773a720f28

  • SHA256

    c5513671884fc3e02c5812b2a0b1645b8b664c9fb97ca332bedd18c051e591e0

  • SHA512

    7b7afd582955f000d62b63f4159d68b7f9d45b8c685e3ad0992ae1eef638cc6e15636adf0dc9fbc6373fd3c58f44f46bf74dfb37a7bb9ec3eae6c74a21b53abc

  • SSDEEP

    24576:Dqmi8tpifdQ8ABVABskA1rz4B8VzWhRTOdlmuC/uZ7R9Ti1wGJRQvZ:umi8bifd+VABnYra3nTOhlxUwGs

Malware Config

Targets

    • Target

      c5513671884fc3e02c5812b2a0b1645b8b664c9fb97ca332bedd18c051e591e0

    • Size

      1.3MB

    • MD5

      cef823eb157b4fa0e8524ed48307f345

    • SHA1

      60d5405cbde42850c6d6f9fc5b7fe1773a720f28

    • SHA256

      c5513671884fc3e02c5812b2a0b1645b8b664c9fb97ca332bedd18c051e591e0

    • SHA512

      7b7afd582955f000d62b63f4159d68b7f9d45b8c685e3ad0992ae1eef638cc6e15636adf0dc9fbc6373fd3c58f44f46bf74dfb37a7bb9ec3eae6c74a21b53abc

    • SSDEEP

      24576:Dqmi8tpifdQ8ABVABskA1rz4B8VzWhRTOdlmuC/uZ7R9Ti1wGJRQvZ:umi8bifd+VABnYra3nTOhlxUwGs

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Downloads MZ/PE file

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Peripheral Device Discovery

1
T1120

Tasks