General

  • Target

    8eb0febfcc7b553428cdcdf37ec3fd60429167f35f9bffcfd54fe37526ca0759

  • Size

    67KB

  • Sample

    240518-arzw9sba9s

  • MD5

    9478b76ee02954ccd871510cca5a674d

  • SHA1

    bd872de0e09fcb7dd2dc68e7fd6f4f17cfc53442

  • SHA256

    8eb0febfcc7b553428cdcdf37ec3fd60429167f35f9bffcfd54fe37526ca0759

  • SHA512

    2e70068e2ac70eec8f6c1cbd40f5d065dcd607dd6a25d5d47b2c44f5485e56674796e297fde45a689c0de4c2314a00b9a99cc68a37ff7944c7303b2e4a8a43af

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLrC:ymb3NkkiQ3mdBjFIvl358nLrC

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks