General

  • Target

    8d5e7fe2c9f2a80d209b90e66c9f9cc357dbdb9081646a8b3e8eb4e0c71ee63a

  • Size

    95KB

  • Sample

    240518-apmtxsah42

  • MD5

    41950a9ecc63dc0a3593f070e7b7f0c6

  • SHA1

    51e29a0aa639525f5e7968e4577a035723ea59d8

  • SHA256

    8d5e7fe2c9f2a80d209b90e66c9f9cc357dbdb9081646a8b3e8eb4e0c71ee63a

  • SHA512

    8ecb382b67350a127fd39322a557368f22c49025555333b7be67713ebdf242cdeba98e0f40b993d70d79c46732d23475ce7afd325298b7b2bbb2da57da30e98c

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxEPOfPrAC:ymb3NkkiQ3mdBjFo73PYP1lri3KuOnrV

Malware Config

Targets

    • Target

      8d5e7fe2c9f2a80d209b90e66c9f9cc357dbdb9081646a8b3e8eb4e0c71ee63a

    • Size

      95KB

    • MD5

      41950a9ecc63dc0a3593f070e7b7f0c6

    • SHA1

      51e29a0aa639525f5e7968e4577a035723ea59d8

    • SHA256

      8d5e7fe2c9f2a80d209b90e66c9f9cc357dbdb9081646a8b3e8eb4e0c71ee63a

    • SHA512

      8ecb382b67350a127fd39322a557368f22c49025555333b7be67713ebdf242cdeba98e0f40b993d70d79c46732d23475ce7afd325298b7b2bbb2da57da30e98c

    • SSDEEP

      1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxEPOfPrAC:ymb3NkkiQ3mdBjFo73PYP1lri3KuOnrV

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks