General

  • Target

    02f289afea55562825514bea687992fe

  • Size

    129KB

  • Sample

    231224-sgxchabefj

  • MD5

    02f289afea55562825514bea687992fe

  • SHA1

    b2acd397873bb99b15772397b3c8d9187cef9bc0

  • SHA256

    6c13d1ffcaa86e0fbe2cce1b69789d7d7c0aa98e4358dd044287e913d07d7e15

  • SHA512

    4294716259c073357e4dfc7e712a9fc089703614e449c65db2899f58fdb9e5655e221733933c5527f7c21840c4c17f344d43032d93ca0911978c4a180c4285f5

  • SSDEEP

    3072:Pn+NcOOqIGx6PBewfgJE0O1kL1q4n4EvqA6rRrr0W5Pt1eJuwout:P+NXvIGEPBeY0O0fn61rrL51/woS

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to the targeted region.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Adds Run key to start application
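Four of the behaviours above (a file dropped into the Drivers directory, a Run key added for persistence, execution of a dropped EXE, and loading of a dropped DLL) map directly onto endpoint telemetry. The Python below is an added example, not part of the report or of the sandbox's own signature logic. It runs those checks over constructed Sysmon-style events (the paths, file names and SID are invented for the illustration) and correlates FileCreate events with later ProcessCreate and ImageLoad events, so "dropped" means "created earlier in the same trace". The geofence check is not included because the page does not name the registry value the sample reads.

```python
import re
from typing import Dict, List, Tuple

# Constructed Sysmon-style events, not taken from the report. Field names follow
# Sysmon event IDs 1 (ProcessCreate), 7 (ImageLoad), 11 (FileCreate) and
# 13 (RegistryEvent, value set). All paths below are invented.
SAMPLE = r"C:\Users\user\AppData\Local\Temp\sample.exe"
DROPPED_EXE = r"C:\Users\user\AppData\Roaming\updater.exe"
DROPPED_DLL = r"C:\Users\user\AppData\Roaming\helper.dll"

SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED_EXE},
    {"EventID": 11, "Image": SAMPLE,
     "TargetFilename": r"C:\Windows\System32\drivers\netfilter2.sys"},
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": DROPPED_EXE},
    {"EventID": 1, "Image": DROPPED_EXE, "ParentImage": SAMPLE},
    {"EventID": 11, "Image": DROPPED_EXE, "TargetFilename": DROPPED_DLL},
    {"EventID": 7, "Image": DROPPED_EXE, "ImageLoaded": DROPPED_DLL},
    # Benign noise that must not fire.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Control Panel\Desktop\Wallpaper",
     "Details": "bg.jpg"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# Run and RunOnce under any hive (HKLM or HKU/HKCU); the value name follows the last backslash.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Only the drivers directory itself, not System32 in general.
DRIVERS_DIR = re.compile(r"^[A-Za-z]:\\Windows\\System32\\drivers\\", re.I)


def flag_events(events: List[Dict[str, object]]) -> List[Tuple[str, str]]:
    """Return (behaviour, detail) pairs in event order.

    FileCreate paths are remembered (lower-cased) so that a later ProcessCreate or
    ImageLoad of the same path can be attributed to a file the trace itself produced.
    """
    findings: List[Tuple[str, str]] = []
    dropped = set()
    for e in events:
        eid = e.get("EventID")
        if eid == 11:
            path = str(e.get("TargetFilename", ""))
            dropped.add(path.lower())
            if DRIVERS_DIR.search(path):
                findings.append(("Drops file in Drivers directory", path))
        elif eid == 13:
            key = str(e.get("TargetObject", ""))
            if RUN_KEY.search(key):
                findings.append(("Adds Run key to start application",
                                 f"{key} = {e.get('Details', '')}"))
        elif eid == 1:
            image = str(e.get("Image", ""))
            if image.lower() in dropped:
                findings.append(("Executes dropped EXE", image))
        elif eid == 7:
            loaded = str(e.get("ImageLoaded", ""))
            if loaded.lower() in dropped:
                findings.append(("Loads dropped DLL", loaded))
    return findings


def behaviour_names(findings: List[Tuple[str, str]]) -> List[str]:
    return [name for name, _ in findings]


if __name__ == "__main__":
    for name, detail in flag_events(SAMPLE_EVENTS):
        print(f"{name}: {detail}")
```

The correlation is deliberately trace-local: an executable that was never seen being created in the same event stream is not reported as "dropped", which keeps installers and updaters that run pre-existing binaries out of the findings. On a real host, Sysmon must be configured to log FileCreate and ImageLoad for the directories involved, or the two correlated checks will never fire.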
