General

  • Target

    https://vx-underground.org/Samples/

  • Sample

    240229-bef43ahh79

Malware Config

Targets

    • Target

      https://vx-underground.org/Samples/

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • XMRig Miner payload

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks