General

  • Target

    8a39a58b1c3d4c8ee027b99d97e13288e84a664bea9004a1207230dbc031c308

  • Size

    66KB

  • Sample

    240518-ahy9daae6t

  • MD5

    253cea0436a1b11b1bca06b998747f2d

  • SHA1

    efb1c7bbdcfcd911affdfad5c8e9f109af245bbc

  • SHA256

    8a39a58b1c3d4c8ee027b99d97e13288e84a664bea9004a1207230dbc031c308

  • SHA512

    6a91fa6cefa73a8229221bdbaa5deeef611b6cd78f8f4662df0c8de66caedc8cca5874d1d14709f3c405f3bfece880ea23515d474340e11d394445159dcf2982

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIaw:ymb3NkkiQ3mdBjFIFdJ8bl

Malware Config

Targets

    • Target

      8a39a58b1c3d4c8ee027b99d97e13288e84a664bea9004a1207230dbc031c308

    • Size

      66KB

    • MD5

      253cea0436a1b11b1bca06b998747f2d

    • SHA1

      efb1c7bbdcfcd911affdfad5c8e9f109af245bbc

    • SHA256

      8a39a58b1c3d4c8ee027b99d97e13288e84a664bea9004a1207230dbc031c308

    • SHA512

      6a91fa6cefa73a8229221bdbaa5deeef611b6cd78f8f4662df0c8de66caedc8cca5874d1d14709f3c405f3bfece880ea23515d474340e11d394445159dcf2982

    • SSDEEP

      1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIaw:ymb3NkkiQ3mdBjFIFdJ8bl

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks