General

  • Target

    898caf9f402b48b963a182e2aafd605bccdac4e33950702d08d3f386d246798e

  • Size

    74KB

  • Sample

    240518-agmh7aad59

  • MD5

    5c3bb52dfdb22f0ebfecac3845852718

  • SHA1

    77f7cedc4f1a2965d6fd49bf70a4c62b6e194840

  • SHA256

    898caf9f402b48b963a182e2aafd605bccdac4e33950702d08d3f386d246798e

  • SHA512

    f3b49e978f212f9adccbb62121724897f9a855f54323dcbacda4a6a188b5efdfc950c81ea2efd3c066e3882bdcd2a89ec9cc490749067a1c0e023a01f0e3b25d

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqK0:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqK0

Malware Config

Targets

    • Target

      898caf9f402b48b963a182e2aafd605bccdac4e33950702d08d3f386d246798e

    • Size

      74KB

    • MD5

      5c3bb52dfdb22f0ebfecac3845852718

    • SHA1

      77f7cedc4f1a2965d6fd49bf70a4c62b6e194840

    • SHA256

      898caf9f402b48b963a182e2aafd605bccdac4e33950702d08d3f386d246798e

    • SHA512

      f3b49e978f212f9adccbb62121724897f9a855f54323dcbacda4a6a188b5efdfc950c81ea2efd3c066e3882bdcd2a89ec9cc490749067a1c0e023a01f0e3b25d

    • SSDEEP

      1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqK0:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqK0

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks