General

  • Target

    bb506fafa94816355f6d22e258c65a76624db1f6ece8e13ce8bca03e829edbcf

  • Size

    392KB

  • Sample

    240518-c1yrnsgc32

  • MD5

    7c5128260d2751db4d07a04d14935e39

  • SHA1

    5d6f2f5d5b1aa5891bb9b9da4cd48ba2485e6d43

  • SHA256

    bb506fafa94816355f6d22e258c65a76624db1f6ece8e13ce8bca03e829edbcf

  • SHA512

    4304341eb99103fe3e6336c070571f5f76de3c9c1d2a09f3a0ec6b211ad6ed6ced1aec4a8f97dccbb79f33dd1730f6c19740b82a83698a1bf486b145b32fd0bb

  • SSDEEP

    6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwO/:n3C9uYA7okVqdKwaO5CVh

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Matrix

Tasks