General

  • Target

    bf4b976a1f5463cc69c91a715f69038d0b2ed8ce24f66597f9d6b3f934b28589

  • Size

    9.4MB

  • Sample

    231204-h96frshf87

  • MD5

    f670b763d894887c46c9300c20e027dd

  • SHA1

    63d588303e9588737e7b6c7d77f911850cfd1e1c

  • SHA256

    bf4b976a1f5463cc69c91a715f69038d0b2ed8ce24f66597f9d6b3f934b28589

  • SHA512

    49969decb11fe4a0cf34a9532fec5184cecec3fc2de9b2de836299613953ed4514b5424df76dbf9dc25931372f8fa2af1ae4e0dcd92f7314bdd24cd0fb3bc12c

  • SSDEEP

    196608:3TBChPzZW0SKiJvWuwDtrvAvKUygRWGi8ZFJ5cs0u5KlG4SnmEdJI1rZ:l0zvGEDAvKcRWGiw50Ux4Yg

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

MITRE ATT&CK Enterprise v15

Tasks