General

  • Target

    6fe55f3a2e25eefeefe4cd7780b9464edf22ff98cd521613432da04b9718c5f5

  • Size

    12.3MB

  • Sample

    231204-xta29aee97

  • MD5

    b7f713abdbaab1717f17b3a67dc658c3

  • SHA1

    c9566ee59cd47204caee0ef8d39954d60b5fe677

  • SHA256

    6fe55f3a2e25eefeefe4cd7780b9464edf22ff98cd521613432da04b9718c5f5

  • SHA512

    1f5056be0b7dcc54c95f781f5dbe154e79fa0eba3d6a0cfe4cdd0f9aafecd1408cb00eb43d6b38bbbf748d5efbc7bdb8b003a4cd0c67cb3b6a619a33dbcec061

  • SSDEEP

    196608:TEpGwikNodcVWJLoHv9DTnLs/UeeWqV26zxTpgPNpTIgftXfmeidQ08ZPJJU/4Wg:oikGdcsKhaJ68VXfeDSJfme
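Before relying on any of the behaviours reported below, confirm that the file on disk is the one this report describes. The following is an added helper, not part of the report or of any sandbox tooling: it hashes a file once in chunks with every algorithm the report lists and compares the result against the report's values. SSDEEP is deliberately left out, since a fuzzy hash is compared by similarity with the ssdeep library, not by string equality.

```python
import hashlib
import io

# Hashes exactly as listed in the report for this sample.
REPORT_HASHES = {
    "md5": "b7f713abdbaab1717f17b3a67dc658c3",
    "sha1": "c9566ee59cd47204caee0ef8d39954d60b5fe677",
    "sha256": "6fe55f3a2e25eefeefe4cd7780b9464edf22ff98cd521613432da04b9718c5f5",
    "sha512": "1f5056be0b7dcc54c95f781f5dbe154e79fa0eba3d6a0cfe4cdd0f9aafecd140"
              "8cb00eb43d6b38bbbf748d5efbc7bdb8b003a4cd0c67cb3b6a619a33dbcec061",
}


def digest_stream(fileobj, algorithms=("md5", "sha1", "sha256", "sha512"),
                  chunk_size=1 << 20):
    """Read a file-like object once, in chunks, feeding every requested hasher.

    One pass matters for a 12 MB sample and more so for larger ones; reading
    the file four times to get four digests is the usual mistake.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        chunk = fileobj.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_hashes(fileobj, expected=REPORT_HASHES):
    """Return {algorithm: matched}. Comparison is case-insensitive.

    A mismatch in any single algorithm means the file is not the sample this
    report describes; agreement on MD5 alone is not enough, because MD5
    collisions are practical to construct.
    """
    computed = digest_stream(fileobj, algorithms=tuple(expected))
    return {name: computed[name] == expected[name].lower() for name in expected}


def digest_bytes(data, algorithms=("md5", "sha1", "sha256", "sha512")):
    """Convenience wrapper for in-memory data (used for the self-check)."""
    return digest_stream(io.BytesIO(data), algorithms=algorithms)


def verify_bytes(data, expected=REPORT_HASHES):
    return verify_hashes(io.BytesIO(data), expected)


def is_reported_sample(path, expected=REPORT_HASHES):
    """True only if every listed digest of the file at `path` matches."""
    with open(path, "rb") as f:
        return all(verify_hashes(f, expected).values())


if __name__ == "__main__":
    import sys
    print(is_reported_sample(sys.argv[1]))
```

Run it as `python verify.py <sample>`; a `False` means you are looking at a different file (a re-packed variant, a truncated download, or a renamed decoy) and none of the signatures below should be assumed to apply.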

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, an anti-debugging technique that stops the calling thread from delivering debug events to an attached debugger.
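The dynamic signatures above are all derived from the order of API calls the sandbox observed: a file is "dropped" when the sample opens it for writing, and later executing or loading that same path is what fires the dropped-file signatures. The following is an added example, not the sandbox's own detection code, that replays a constructed event log in that style and emits the same signature names. The event schema (dicts with `api`, `path`, `access`, `info_class`) is an assumption made for illustration; real sandbox traces carry more fields.

```python
import ntpath
from collections import defaultdict

# THREADINFOCLASS value for ThreadHideFromDebugger. A thread set with this
# class no longer delivers debug events, so an attached debugger loses it.
THREAD_HIDE_FROM_DEBUGGER = 0x11

SYSTEM32 = r"c:\windows\system32"


def norm(path):
    """Case-fold and normalise a Windows path so comparisons are stable."""
    return ntpath.normpath(path).lower()


def in_system32(path):
    return norm(path).startswith(SYSTEM32 + "\\")


def triage(events):
    """Replay API events in order and return {signature: [evidence]}.

    Tracking state across events is the point: 'Executes dropped EXE' is not
    a property of CreateProcessW alone but of CreateProcessW on a path that an
    earlier write from the same run created.
    """
    dropped = set()
    hits = defaultdict(list)
    for ev in events:
        api = ev["api"]
        if api == "NtCreateFile" and ev.get("access") == "write":
            path = norm(ev["path"])
            dropped.add(path)
            if in_system32(path):
                hits["Drops file in System32 directory"].append(path)
        elif api == "CreateProcessW":
            path = norm(ev["path"])
            if path in dropped:
                hits["Executes dropped EXE"].append(path)
        elif api == "LdrLoadDll":
            path = norm(ev["path"])
            if path in dropped:
                hits["Loads dropped DLL"].append(path)
        elif (api == "NtSetInformationThread"
              and ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER):
            hits["Suspicious use of NtSetInformationThreadHideFromDebugger"].append(
                "pid %d tid %d" % (ev["pid"], ev["tid"]))
    return dict(hits)


# Constructed events for illustration; not taken from this sandbox run.
# Reads and loads of pre-existing system DLLs are included to show that
# only paths the sample itself wrote are treated as dropped.
SAMPLE_EVENTS = [
    {"pid": 1234, "tid": 4321, "api": "NtCreateFile",
     "path": r"C:\Windows\System32\kernel32.dll", "access": "read"},
    {"pid": 1234, "tid": 4321, "api": "LdrLoadDll",
     "path": r"C:\Windows\System32\kernel32.dll"},
    {"pid": 1234, "tid": 4321, "api": "NtSetInformationThread",
     "info_class": THREAD_HIDE_FROM_DEBUGGER},
    {"pid": 1234, "tid": 4321, "api": "NtCreateFile",
     "path": r"C:\Users\Public\svc.exe", "access": "write"},
    {"pid": 1234, "tid": 4321, "api": "NtCreateFile",
     "path": r"C:\Windows\System32\helper.dll", "access": "write"},
    {"pid": 1234, "tid": 4321, "api": "CreateProcessW",
     "path": r"C:\Users\Public\SVC.EXE"},
    {"pid": 5678, "tid": 8765, "api": "LdrLoadDll",
     "path": r"C:\Windows\System32\helper.dll"},
]


if __name__ == "__main__":
    for sig, evidence in triage(SAMPLE_EVENTS).items():
        print(sig, "->", evidence)
```

Note the case-insensitive path match: the constructed trace writes `svc.exe` and executes `SVC.EXE`, which a naive string comparison would miss. The VMProtect hit in the report is a static check on the PE (typically section names and entry-point code), not a behaviour, so it is not part of this replay.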
