General

  • Target: bffdaefebcdc7576bcd79296e1decebc58bc6d8014874d1529ae07cf350b3e11
  • Size: 11.8MB
  • Sample: 240407-tsxcbage8s
  • MD5: 1f7f24bda1e6d4943dacff51d03c2f5a
  • SHA1: 75f7a7374c875a887b52291dcf4eb7b6a22e7875
  • SHA256: bffdaefebcdc7576bcd79296e1decebc58bc6d8014874d1529ae07cf350b3e11
  • SHA512: 418de5cac7ae63731e934a4556499b041b072d9823542d9bc5ae8294ea064b51513d91d2ba28a56d53f9e6faa1ce4d14cbf4996b81600aea6158167917ec8b28
  • SSDEEP: 196608:CIJ6eA5cPmiRqfk0ScX/eBDv+cRc7A4Yn7WILy+aEkcGXe6bqmOIhJZEFIxgabSR:Cf1xAcX/Or/M07neRJXe6basrSsgabI

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Sets desktop wallpaper using registry

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks