General

  • Target

    aff164865dc912a41068c997ae2d324f7ff25d676ebe5dd55f766c742b75b733

  • Size

    67KB

  • Sample

    240518-cfgmnafb6y

  • MD5

    2b99cc1ff284162d49969d540f47ef15

  • SHA1

    2bf39b1517818db42a6cd7152c9aff28ef74e907

  • SHA256

    aff164865dc912a41068c997ae2d324f7ff25d676ebe5dd55f766c742b75b733

  • SHA512

    f48554476e27c59a8cd8a5c1be647bddd7ce51d6ce5202e0723dc1b5cc9f82ca683f82acfbd2ace1c71550b1eb193014a4dba82835c66018def4dbcaa426828a

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIVN:ymb3NkkiQ3mdBjFIFdJ8bL

Malware Config

Targets

    • Target

      aff164865dc912a41068c997ae2d324f7ff25d676ebe5dd55f766c742b75b733

    • Size

      67KB

    • MD5

      2b99cc1ff284162d49969d540f47ef15

    • SHA1

      2bf39b1517818db42a6cd7152c9aff28ef74e907

    • SHA256

      aff164865dc912a41068c997ae2d324f7ff25d676ebe5dd55f766c742b75b733

    • SHA512

      f48554476e27c59a8cd8a5c1be647bddd7ce51d6ce5202e0723dc1b5cc9f82ca683f82acfbd2ace1c71550b1eb193014a4dba82835c66018def4dbcaa426828a

    • SSDEEP

      1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIVN:ymb3NkkiQ3mdBjFIFdJ8bL

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks