General

  • Target

    03038d53a7000b0955dee5816c114c99dfc4ef153a7297b86792c77f56d69f31

  • Size

    224KB

  • Sample

    240516-ws7jdshd39

  • MD5

    455fa0f4f4cd34d3402a200c703bd361

  • SHA1

    a88b0e4f1fb544fe7e8f337f87ad523fde400ae2

  • SHA256

    03038d53a7000b0955dee5816c114c99dfc4ef153a7297b86792c77f56d69f31

  • SHA512

    bb8c21ec55592621d15ffb09d25aaed1f2da952cca366751d5c6267cafe6819ec664e1027641c1cbe70acf8643a9a5fb2234dae784c0066522cb18c1a8b5d3a3

  • SSDEEP

    3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xL79:n3C9BRo7MlrWKo+lxKZ

Malware Config

Targets

    • Target

      03038d53a7000b0955dee5816c114c99dfc4ef153a7297b86792c77f56d69f31

    • Size

      224KB

    • MD5

      455fa0f4f4cd34d3402a200c703bd361

    • SHA1

      a88b0e4f1fb544fe7e8f337f87ad523fde400ae2

    • SHA256

      03038d53a7000b0955dee5816c114c99dfc4ef153a7297b86792c77f56d69f31

    • SHA512

      bb8c21ec55592621d15ffb09d25aaed1f2da952cca366751d5c6267cafe6819ec664e1027641c1cbe70acf8643a9a5fb2234dae784c0066522cb18c1a8b5d3a3

    • SSDEEP

      3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xL79:n3C9BRo7MlrWKo+lxKZ

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks