General

  • Target

    b6a3f6259011c03764220549f44ce4ba582ac1218c4bf4b86eee920033634ca9

  • Size

    74KB

  • Sample

    240518-csjmsafg31

  • MD5

    2b968dc4056f4dd98e46c9bf417cef3a

  • SHA1

    f6d6da98920110ee1be71d648fbaa095ae7e99a4

  • SHA256

    b6a3f6259011c03764220549f44ce4ba582ac1218c4bf4b86eee920033634ca9

  • SHA512

    8115a4cc3562b2633e60f09f19f6a28427185adc04e8cf08b750d898090b2bf40c580ef838bedc4ee10f79d8742d6f5ff5462a2feec9d8997c858a48cf2c8162

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqKFx:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqKFx

Malware Config

Targets

    • Target

      b6a3f6259011c03764220549f44ce4ba582ac1218c4bf4b86eee920033634ca9

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks