General

  • Target

    a636a3e36e10fe23d1f15535c037fb3dba585d1e8930dacc4dc930032603dc7c

  • Size

    9.4MB

  • Sample

    231211-fk21yaegc3

  • MD5

    9a0aed40f0c3208d905c5b54b5b7250a

  • SHA1

    52dd54eef2df30b1acdd665dfe45f603489a812e

  • SHA256

    a636a3e36e10fe23d1f15535c037fb3dba585d1e8930dacc4dc930032603dc7c

  • SHA512

    bdf3c23a6e844cb4ffebf39ce4dbab45b031c7d813915b9cf5e86ce6be99ecf4e40d1aa06f48ae9a9cc62863c340f50b4b8e1b22e0db2b5c0511ec64ba43d80f

  • SSDEEP

    196608:yD5erFKMBaL445l3oHoW7VjYODWbyBxTtARF020kj5J:yDqFKMe44H3oIW7tYeWSHARu20kjD

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

MITRE ATT&CK Enterprise v15

Tasks