General

  • Target

    91982563e3a1e56782d3042d2afc2ca1977266f58220dd611133e363bb27457a

  • Size

    292KB

  • Sample

    240518-awdvlabc8s

  • MD5

    55cef73d19e684c0e7303e69c3545414

  • SHA1

    d313d4de849054d8585836e179fe8d69d67e8a7c

  • SHA256

    91982563e3a1e56782d3042d2afc2ca1977266f58220dd611133e363bb27457a

  • SHA512

    5d5455e94404b5ffc517d7da214c5a7ff054692bc4e2ca218177b50d00d1df9b95683d083ff12460e1aacd0292a8e48eedc696bcd0539aa8b1205162b1796a80

  • SSDEEP

    6144:9cm4FmowdHoS4/8UJCf4upvUjQSmpikAAFH:/4wFHoS4kUJE4IuzQifAFH

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
