General

  • Target

    c0f579a583852a8cff9878a122cfb6eb0eadca56f6f7c530311543d427f812a3

  • Size

    78KB

  • Sample

    240504-czt24aba8w

  • MD5

    2ad142098a4c969d4317b60c1932c948

  • SHA1

    be01a69f4cb90e3e0e9d40f4e0a2696767f1621e

  • SHA256

    c0f579a583852a8cff9878a122cfb6eb0eadca56f6f7c530311543d427f812a3

  • SHA512

    7252fcaa04fd5004e7779412b9ab62fd45d12196c6c1eba3a4e4ad935292895e2a51d19d704440e7a65d57cd1bbd5f1863a5fb6c7e856748bb1879e648151739

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIYgC/KSLJEd2arzle:ymb3NkkiQ3mdBjFI3eFC/rzA

Targets

    • Target

      c0f579a583852a8cff9878a122cfb6eb0eadca56f6f7c530311543d427f812a3

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
