General

  • Target

    b66d22ea723b3b206af18e1b14060ab42d08cac97cd31adbc1b27323a8ac30f9

  • Size

    387KB

  • Sample

    240518-cr7cfsfg21

  • MD5

    a32d4e503db26fee49836e738c84332d

  • SHA1

    5fa9ed85fa6db2f4dc152ab26f6ba7421408c1fd

  • SHA256

    b66d22ea723b3b206af18e1b14060ab42d08cac97cd31adbc1b27323a8ac30f9

  • SHA512

    91b5f5f1b3d2930cb90988f3a3d6b12522e5303bf61762724e7f2ab0802f323bedefc3040753a2c219019ae1cab14cbad0821a04e367b8d9792af9ed8d53a204

  • SSDEEP

    12288:n3C9ytvngQjpUXoSWlnwJv90aKToFqwfa:SgdnJVU4TlnwJ6GoL

Targets

    • Target

      b66d22ea723b3b206af18e1b14060ab42d08cac97cd31adbc1b27323a8ac30f9

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
