General

  • Target

    tmp

  • Size

    4.3MB

  • Sample

    230628-ppn5bahd93

  • MD5

    ab3ad25cdcf1f451563cf08b50f415a1

  • SHA1

    e684008debaa280316ab4c35d47479a20d030057

  • SHA256

    a53c8d5d80b788145c7903b7fac6515f4ec6064a78f175ef224ed6f8ef071e2d

  • SHA512

    b8e9d1973162bdd18f53e3917d9ddb36eea25f78bd22be1b06c5e171b08292a7cd23c9c39e783394708c701e902c510a23f67219dafc479d1b7289219e7bf9e4

  • SSDEEP

    98304:NS3PA2sI9rJZndrsPfACApodEiyaww2owkeIFNQTSSYTM9YKe9AYoDDN5xnr7GMj:NS/AtI9rOPIhU72o5Np7KMhoDh5xnI2Z

Targets

    • Target

      tmp

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
