General

  • Target

    b31bda1ce1636e701b132c913ad267bc8af5ecbed9144d3d4700cc7b58db734d

  • Size

    380KB

  • Sample

    240518-clsxwafd66

  • MD5

    5262e479605893251c8fdf8ad4228d15

  • SHA1

    a7439b17b8bd784bc69d717ea70c5942ef9b5ed0

  • SHA256

    b31bda1ce1636e701b132c913ad267bc8af5ecbed9144d3d4700cc7b58db734d

  • SHA512

    9f198a48859cced3d1fdcd3c9f0395e2f96e25cad5fe7a1da1c815a24671ba7e67576b6d229bb3f1af9b5dc53cf511d31d35b2ff5fad274c2bf027a3471d756a

  • SSDEEP

    6144:Ocm4FmowdHoSsm4FIc1/cm4FmowdHoSsiNlcJcmHYC9/jvvfwL+TLPfSRcm4FVoR:w4wFHoSl4h4wFHoS24yTgL+zfu4/FHoZ

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified UPX variant.

MITRE ATT&CK Matrix

Tasks