General

  • Target

    cf23e2de4f7ae6b0a8bbb1c5b60a69d36a21691a375bb80d8a8cb8d545398aa7

  • Size

    6.0MB

  • Sample

    231211-dgxwpscee7

  • MD5

    4ac6089edb7aa819aff1ab779cd0f1f9

  • SHA1

    b7229e7fde2b07f2aed5ac3c55bd783b79400187

  • SHA256

    cf23e2de4f7ae6b0a8bbb1c5b60a69d36a21691a375bb80d8a8cb8d545398aa7

  • SHA512

    04695dc1ff092afb057a60475a3b62d9184cfdfca6aad3cc733e3a165d185b1b706da681a1668860bf0d034f037ec31e772f9e5b2bd636988ae49d4be25d8b66

  • SSDEEP

    98304:64A28GhIwvB6PyEJInTM4cK3Wp+Ic+G5qCDf8DeO2Of3m/jwKMk0Su4xILRFU/lX:8shDSyTnTPm7aqCDf8/2Ovm/jwKMknI8

Malware Config

Targets

    • Target

      cf23e2de4f7ae6b0a8bbb1c5b60a69d36a21691a375bb80d8a8cb8d545398aa7

    • Size

      6.0MB

    • MD5

      4ac6089edb7aa819aff1ab779cd0f1f9

    • SHA1

      b7229e7fde2b07f2aed5ac3c55bd783b79400187

    • SHA256

      cf23e2de4f7ae6b0a8bbb1c5b60a69d36a21691a375bb80d8a8cb8d545398aa7

    • SHA512

      04695dc1ff092afb057a60475a3b62d9184cfdfca6aad3cc733e3a165d185b1b706da681a1668860bf0d034f037ec31e772f9e5b2bd636988ae49d4be25d8b66

    • SSDEEP

      98304:64A28GhIwvB6PyEJInTM4cK3Wp+Ic+G5qCDf8DeO2Of3m/jwKMk0Su4xILRFU/lX:8shDSyTnTPm7aqCDf8/2Ovm/jwKMknI8

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.
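The signature names above are the sandbox's own labels; the block below is an added example, not the sandbox's signature code, showing how a practitioner would re-create the same checks offline: the two packer signatures by reading PE section names (UPX0/UPX1 and .vmp0/.vmp1 are assumed heuristics, defeated by renamed sections), and the three behavioural signatures (driver-directory drop, registry locale lookup, execution of a file the sample itself wrote) by correlating a sequence of API events. The event schema, the `build_fake_pe` helper and the sample trace are all constructed for the example and do not come from this report.

```python
"""Re-implementations of the packer and behavioural signatures listed above.

Added example, not the sandbox's own code. The event dict schema, the
registry key matched for the locale check and the packer section names are
assumptions; the sample PE headers and API trace are constructed.
"""
import ntpath
import struct

# --- packer signatures: inspect PE section names ---------------------------

# Section names the two packers named in the report typically leave behind
# (assumed heuristic; a renamed section defeats this check).
PACKER_SECTIONS = {
    "UPX": {"UPX0", "UPX1", "UPX2"},
    "VMProtect": {".vmp0", ".vmp1", ".vmp2"},
}


def pe_section_names(data: bytes) -> list[str]:
    """Return the section names of a PE image, or [] if the headers are not sane."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                 # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                            # truncated header: stop, do not crash
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def packer_hits(data: bytes) -> set[str]:
    """Packers whose characteristic section names appear in the image."""
    names = set(pe_section_names(data))
    return {packer for packer, secs in PACKER_SECTIONS.items() if names & secs}


def build_fake_pe(section_names: list[str]) -> bytes:
    """Constructed minimal PE32 header (no code) with the given section table."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 224                        # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


# --- behavioural signatures over an API event trace ------------------------

DRIVERS_DIR = r"c:\windows\system32\drivers"
LOCALE_KEY = r"control panel\international"   # assumed key for the geofence lookup


def behaviour_hits(events: list[dict]) -> set[str]:
    """Replay a trace in order and return the report's behavioural labels it triggers."""
    hits = set()
    dropped = set()                          # paths the sample wrote, normalised
    for ev in events:
        api = ev["api"]
        if api in ("NtCreateFile", "NtWriteFile", "CreateFileW") and ev.get("write"):
            path = ev["path"].lower()
            dropped.add(path)
            if ntpath.dirname(path) == DRIVERS_DIR:
                hits.add("Drops file in Drivers directory")
        elif api in ("CreateProcessW", "NtCreateUserProcess"):
            # only a process started from a file the sample wrote earlier counts
            if ev["path"].lower() in dropped:
                hits.add("Executes dropped EXE")
        elif api in ("RegOpenKeyExW", "RegQueryValueExW"):
            if LOCALE_KEY in ev["key"].lower():
                hits.add("Checks computer location settings")
    return hits


SAMPLE_EVENTS = [  # constructed trace, not taken from this report
    {"api": "NtCreateFile", "path": r"C:\Windows\System32\drivers\ab12.sys", "write": True},
    {"api": "RegQueryValueExW", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"api": "NtCreateFile", "path": r"C:\Users\Public\update.exe", "write": True},
    {"api": "CreateProcessW", "path": r"C:\Users\Public\update.exe"},
    {"api": "NtCreateFile", "path": r"C:\Users\Public\log.txt", "write": False},
]

if __name__ == "__main__":
    print(sorted(behaviour_hits(SAMPLE_EVENTS)))
    print(packer_hits(build_fake_pe(["UPX0", "UPX1", ".rsrc"])))
```

Run it against a real sample by replacing `build_fake_pe(...)` with the bytes of the file and `SAMPLE_EVENTS` with events exported from your own sandbox or Sysmon trace; the section-name check is deliberately cheap and should be backed by entropy or import-table checks before it is trusted on its own.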

MITRE ATT&CK Enterprise v15

Tasks