General

  • Target

    82475d709025c6c127103f1644e1a3cb55a9175f3241271f9b829d59d936db81

  • Size

    74KB

  • Sample

    240518-3alyasdg63

  • MD5

    a97612fd5a2199ec851146d78f541c25

  • SHA1

    e642d7cd451946183114ce2ff6499d86045e432a

  • SHA256

    82475d709025c6c127103f1644e1a3cb55a9175f3241271f9b829d59d936db81

  • SHA512

    77fa71fd6441b830a7c7aed47f190ca572690307b058fd06e5582c0bb99317343d6ba85d5f63be5755c78f38a867c32a911ff57db0a3775118e6cb611435e46e

  • SSDEEP

    1536:CvQBeOGtrYS3srx93UBWfwC6Ggnouy8Aeb3F7:ChOmTsF93UYfwC6GIoutAeb3l

Malware Config

Targets

    • Target

      82475d709025c6c127103f1644e1a3cb55a9175f3241271f9b829d59d936db81

    • Size

      74KB

    • MD5

      a97612fd5a2199ec851146d78f541c25

    • SHA1

      e642d7cd451946183114ce2ff6499d86045e432a

    • SHA256

      82475d709025c6c127103f1644e1a3cb55a9175f3241271f9b829d59d936db81

    • SHA512

      77fa71fd6441b830a7c7aed47f190ca572690307b058fd06e5582c0bb99317343d6ba85d5f63be5755c78f38a867c32a911ff57db0a3775118e6cb611435e46e

    • SSDEEP

      1536:CvQBeOGtrYS3srx93UBWfwC6Ggnouy8Aeb3F7:ChOmTsF93UYfwC6GIoutAeb3l

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks