General
-
Target
b029c08789c6001aa1f9e870a06ef049433d0cc25becc1beb9f0d6302508b296
-
Size
1.3MB
-
Sample
230628-za9gtabh7w
-
MD5
0b037e3d12262a1638c1217fae8773a1
-
SHA1
e233cc1d6d71034f77d17d89658d2052b1038db5
-
SHA256
b029c08789c6001aa1f9e870a06ef049433d0cc25becc1beb9f0d6302508b296
-
SHA512
35a2381a73e56718ff6d55661708a0230a4de2c3770ff7b5825f22dfc1a757515a5555a14fce737d9806406df3833c7f415a15a30b3ff67fcc43f3239b408529
-
SSDEEP
24576:fzgTLkcevOAJHPSTacyR3uunznkX4C+YyRGG6yaHDMEw:fzgTOey7gX4KiSD0
Malware Config
Targets
-
-
Target
b029c08789c6001aa1f9e870a06ef049433d0cc25becc1beb9f0d6302508b296
-
Size
1.3MB
-
MD5
0b037e3d12262a1638c1217fae8773a1
-
SHA1
e233cc1d6d71034f77d17d89658d2052b1038db5
-
SHA256
b029c08789c6001aa1f9e870a06ef049433d0cc25becc1beb9f0d6302508b296
-
SHA512
35a2381a73e56718ff6d55661708a0230a4de2c3770ff7b5825f22dfc1a757515a5555a14fce737d9806406df3833c7f415a15a30b3ff67fcc43f3239b408529
-
SSDEEP
24576:fzgTLkcevOAJHPSTacyR3uunznkX4C+YyRGG6yaHDMEw:fzgTOey7gX4KiSD0
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-