General

  • Target

    c9f5918b70267efc8855875589767ebf52377ee0a811185fd37da6999b8c1dae

  • Size

    486KB

  • Sample

    240413-b4mcdahh99

  • MD5

    55207dec375671f55ffd68b1a0d9370e

  • SHA1

    4edb4b3d7a998e184f6c8c83bc7cb6da720e1ce5

  • SHA256

    c9f5918b70267efc8855875589767ebf52377ee0a811185fd37da6999b8c1dae

  • SHA512

    d4ef4b8c01737c6dfc37942ed3b6e02f571a89436936764caf6f1a0909802f910bb216da099e017f018405487699a4ddbfe6dbb280b7c6816988adabc22bfe8f

  • SSDEEP

    6144:n3C9BRo7tvnJ9oH0IRgZvjkUo7tvnJ9oH0IiVByq9CPobNVV:n3C9ytvngQjgtvngSV3CPobNVV

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified version of it.
