General

  • Target

    b1e9a2dc2f988bb56475cf8040c2fe585f5cd5f986145482d4da94e6ed6b9d93

  • Size

    306KB

  • Sample

    240518-ch7xmafc7y

  • MD5

    148edfb8c4a70b4a6e53b41817fce2cc

  • SHA1

    62924d838e8347b4b550118af8aea97f05c5f100

  • SHA256

    b1e9a2dc2f988bb56475cf8040c2fe585f5cd5f986145482d4da94e6ed6b9d93

  • SHA512

    6f1006e2c89f8ad0471021f98907e0155202b60d1a3ea9d881a7648587ebe7892450f72b1b5865cfa0c825a5b07df8063d25ec0801ffed9c711e65c7697524c3

  • SSDEEP

    3072:ymb3NkkiQ3mdBjFo7LAIRUohDLS0k+sLiiBVS0ILlMcGGW7sRCl9eMD:n3C9BRo/AIuunS3+sOiBVSXxMxTsm9eM

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.
