General

  • Target

    b1fa5f6bf0e662ee8398f7e162d1fb46c46a1d05a72e4e40e162fa49e68bc083

  • Size

    368KB

  • Sample

    240518-cjd1yafc66

  • MD5

    73ba922b49f94fda8c44dbe99f07957f

  • SHA1

    7b7366139a0c857cc13b39a10ff4ece2575c3e02

  • SHA256

    b1fa5f6bf0e662ee8398f7e162d1fb46c46a1d05a72e4e40e162fa49e68bc083

  • SHA512

    4534235daee6732366ea9f28d740b3254a7d25e179efe3fe3193da0844d177e04be178beb2ea5a1e812185caacbb489fd661b6a9ee620793fb8234b4a7d8eb45

  • SSDEEP

    3072:ymb3NkkiQ3mdBjFo73tvn+Yp9FrHSwh/c/hdTWGIaxJ8TN005pWmjVwdSsyr:n3C9BRo7tvnJ9Fywhk/T7xyTpShZu

Malware Config

Targets

    • Target

      b1fa5f6bf0e662ee8398f7e162d1fb46c46a1d05a72e4e40e162fa49e68bc083

    • Size

      368KB

    • MD5

      73ba922b49f94fda8c44dbe99f07957f

    • SHA1

      7b7366139a0c857cc13b39a10ff4ece2575c3e02

    • SHA256

      b1fa5f6bf0e662ee8398f7e162d1fb46c46a1d05a72e4e40e162fa49e68bc083

    • SHA512

      4534235daee6732366ea9f28d740b3254a7d25e179efe3fe3193da0844d177e04be178beb2ea5a1e812185caacbb489fd661b6a9ee620793fb8234b4a7d8eb45

    • SSDEEP

      3072:ymb3NkkiQ3mdBjFo73tvn+Yp9FrHSwh/c/hdTWGIaxJ8TN005pWmjVwdSsyr:n3C9BRo7tvnJ9Fywhk/T7xyTpShZu

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Matrix

Tasks