General

  • Target

    b218a167d2362b4259eb7d0886c324bd39c9a4d7434560fe2c0dc1801d59b652

  • Size

    294KB

  • Sample

    240518-cj4atsfd3y

  • MD5

    31fdf2fe0d1772b86636dcf4ba8bebd3

  • SHA1

    8bea25dbeb855d4bfdfbe577952d562a437cb707

  • SHA256

    b218a167d2362b4259eb7d0886c324bd39c9a4d7434560fe2c0dc1801d59b652

  • SHA512

    0163d7d012a8681236ebf82d7f064e4aa45965edc951305693e5b210294dd5ed8162c902816a7e94ad632f41f7b617c298f0239c47f8464ad379acee040509e2

  • SSDEEP

    6144:ccm4FmowdHoSQkuObHq9ltAszBd+za/p1slTjZXvEQo9dftOw:K4wFHoSQkuUHk1zBR/pMT9XvEhdfv

Malware Config

Targets

    • Target

      b218a167d2362b4259eb7d0886c324bd39c9a4d7434560fe2c0dc1801d59b652

    • Size

      294KB

    • MD5

      31fdf2fe0d1772b86636dcf4ba8bebd3

    • SHA1

      8bea25dbeb855d4bfdfbe577952d562a437cb707

    • SHA256

      b218a167d2362b4259eb7d0886c324bd39c9a4d7434560fe2c0dc1801d59b652

    • SHA512

      0163d7d012a8681236ebf82d7f064e4aa45965edc951305693e5b210294dd5ed8162c902816a7e94ad632f41f7b617c298f0239c47f8464ad379acee040509e2

    • SSDEEP

      6144:ccm4FmowdHoSQkuObHq9ltAszBd+za/p1slTjZXvEQo9dftOw:K4wFHoSQkuUHk1zBR/pMT9XvEhdfv

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks