General

  • Target

    c093f7ef47ad7bfb1fee45420ff42751fbef4e22c00a196a3a313744cdaa591f

  • Size

    11.8MB

  • Sample

    240407-tjbn9agc3y

  • MD5

    ce01188db1fd97f5aec59e1293210e8b

  • SHA1

    995f320d592d3ddf29ac5749e9e32da67d0e2069

  • SHA256

    c093f7ef47ad7bfb1fee45420ff42751fbef4e22c00a196a3a313744cdaa591f

  • SHA512

    e4648d95a7bd3d2312c2e82f41811be419252e154980df6637c43c60cda170242b82b69c45354be6e3b4e3765b81e807e2275b58a5d4b45b8ae4ae71e8b7d9c2

  • SSDEEP

    196608:vIJ6eA5cPmiRqfk0ScX/eBDv+cRc7A4Yn7WILy+aEkcGXe6bqmOIhJZEFIxgabSR:vf1xAcX/Or/M07neRJXe6basrSsgabI

Malware Config

Targets

    • Target

      c093f7ef47ad7bfb1fee45420ff42751fbef4e22c00a196a3a313744cdaa591f

    • Size

      11.8MB

    • MD5

      ce01188db1fd97f5aec59e1293210e8b

    • SHA1

      995f320d592d3ddf29ac5749e9e32da67d0e2069

    • SHA256

      c093f7ef47ad7bfb1fee45420ff42751fbef4e22c00a196a3a313744cdaa591f

    • SHA512

      e4648d95a7bd3d2312c2e82f41811be419252e154980df6637c43c60cda170242b82b69c45354be6e3b4e3765b81e807e2275b58a5d4b45b8ae4ae71e8b7d9c2

    • SSDEEP

      196608:vIJ6eA5cPmiRqfk0ScX/eBDv+cRc7A4Yn7WILy+aEkcGXe6bqmOIhJZEFIxgabSR:vf1xAcX/Or/M07neRJXe6basrSsgabI

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Sets desktop wallpaper using registry

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks