General

  • Target

    923a0952a922005e47415ccad71355b26c2bfa7f6af06c504ee03636aa5a1a15

  • Size

    360KB

  • Sample

    240518-axp91sbd32

  • MD5

    6a3f4e9fa4c966805b236536b991e54b

  • SHA1

    e9460fb0b77ac5f266b5ed87baba463e8b32ba92

  • SHA256

    923a0952a922005e47415ccad71355b26c2bfa7f6af06c504ee03636aa5a1a15

  • SHA512

    697833c2af4252b0f1899a8eb38ebef626077c8a9b0bf11098cff510327f18b8fc95e56c6a6ee492c6d11556be11954c6b4fbb583b8f313e267d1432bdd3b0b1

  • SSDEEP

    6144:Zcm7ImGddX4S8cm7ImGddEJcm7ImGddXRS8E91cm7IFbYLcm7ImGdga1x:j7Tcov7TcQ7TchI7l7Tba1x

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or with modified builds of it.
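As an added triage example (not part of the sandbox report and not the sandbox's own signature code), the following Python reproduces two checks a practitioner would run on this sample: fingerprinting the file with the same four digests the report lists, and a UPX-packing check of the kind the "UPX packed file" signature describes. The hash constants are copied from the report; the stub PE builder, the constructed test binaries, the heuristic names, and the "modified UPX" rule (an empty first section that is unpacked into at run time, with the entry point outside it) are this example's own assumptions. That layout rule is a general packer tell and will also flag other packers that use the same two-section scheme, so treat it as a lead, not a verdict.

```python
"""Added triage helpers: hash a file the way the report lists it and apply a
UPX-style packer check. The PE builder emits headers and a section table only,
so the constructed inputs are not the report's sample and will never match it."""
import hashlib
import struct

# Digests copied from the report above; a file matches only if all four agree.
REPORT_IOCS = {
    "md5": "6a3f4e9fa4c966805b236536b991e54b",
    "sha1": "e9460fb0b77ac5f266b5ed87baba463e8b32ba92",
    "sha256": "923a0952a922005e47415ccad71355b26c2bfa7f6af06c504ee03636aa5a1a15",
    "sha512": "697833c2af4252b0f1899a8eb38ebef626077c8a9b0bf11098cff510327f18b8"
              "fc95e56c6a6ee492c6d11556be11954c6b4fbb583b8f313e267d1432bdd3b0b1",
}


def fingerprint(data: bytes) -> dict:
    """Compute the same four digests the report lists for the sample."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_IOCS}


def matches_report(data: bytes) -> bool:
    """True only when every listed digest matches, not just MD5."""
    return fingerprint(data) == REPORT_IOCS


def parse_pe(pe: bytes):
    """Return (entry_rva, [section dicts]) for a PE image, or None if it is not one."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(pe) < e_lfanew + 44:
        return None
    nsect = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24                                     # optional header start
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]   # AddressOfEntryPoint
    table = opt + opt_size                                  # section table start
    sections = []
    for i in range(nsect):
        off = table + i * 40
        if off + 40 > len(pe):
            break                                           # truncated table: stop, don't raise
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", pe, off)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize})
    return entry_rva, sections


def detect_upx(pe: bytes) -> dict:
    """Stock UPX: UPX0/UPX1 section names or the 'UPX!' marker. Renamed builds
    (assumed heuristic): first section has no raw data but a large virtual size
    and the entry point lies outside it, i.e. the unpacking stub runs elsewhere."""
    parsed = parse_pe(pe)
    if parsed is None:
        return {"verdict": "not_pe"}
    entry_rva, secs = parsed
    first = secs[0] if secs else None
    ev = {
        "upx_sections": any(s["name"].upper().startswith("UPX") for s in secs),
        "upx_marker": b"UPX!" in pe,
        "empty_first_section": bool(first) and first["rawsize"] == 0 and first["vsize"] > 0,
        "entry_outside_first": bool(first)
        and not (first["vaddr"] <= entry_rva < first["vaddr"] + first["vsize"]),
    }
    if ev["upx_sections"] or ev["upx_marker"]:
        ev["verdict"] = "upx"
    elif ev["empty_first_section"] and ev["entry_outside_first"]:
        ev["verdict"] = "modified_upx_layout"
    else:
        ev["verdict"] = "not_upx"
    return ev


def build_stub_pe(sections, entry_rva, trailer=b"") -> bytes:
    """Constructed test input: header-only PE32 with the given section table.
    sections = [(name, VirtualSize, VirtualAddress, SizeOfRawData), ...]."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    opt_size = 0xE0                                                 # PE32 optional header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry_rva)
    opt += b"\0" * (opt_size - len(opt))
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, 0, 0, 0, 0, 0, 0x60000020)
                     for n, vs, va, rs in sections)
    return dos + coff + opt + table + trailer


# Constructed samples (not the report's file): stock UPX, renamed sections, unpacked binary.
STOCK_UPX = build_stub_pe([(b"UPX0", 0x20000, 0x1000, 0), (b"UPX1", 0x5000, 0x21000, 0x5000),
                           (b".rsrc", 0x1000, 0x26000, 0x1000)], entry_rva=0x25000, trailer=b"UPX!")
RENAMED_UPX = build_stub_pe([(b".text", 0x20000, 0x1000, 0), (b".data", 0x5000, 0x21000, 0x5000)],
                            entry_rva=0x25000)
PLAIN = build_stub_pe([(b".text", 0x1000, 0x1000, 0x1000), (b".data", 0x1000, 0x2000, 0x200)],
                      entry_rva=0x1100)

if __name__ == "__main__":
    for label, blob in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("plain", PLAIN)):
        print(label, detect_upx(blob)["verdict"], fingerprint(blob)["sha256"][:16], matches_report(blob))
```

Against the real sample, read the file as bytes and call `matches_report()` first to confirm you hold the artefact the report describes, then `detect_upx()`; a `modified_upx_layout` result is the case where the section names alone would miss the packer and a dump at the original entry point, as the "UPX dump on OEP" signature indicates, is the next step.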

MITRE ATT&CK Matrix

Tasks