General

  • Target

    b7ae0f08e278302905b3d3c98abfa465be35c8fe21a418bd1ded2f7f9efca7ae

  • Size

    360KB

  • Sample

    240518-ct4dksfh46

  • MD5

    9e89f72cd9a329bbde553391c1111e06

  • SHA1

    1af90ec4baadb45f0ecba1cc0f54fc4f32ef32b9

  • SHA256

    b7ae0f08e278302905b3d3c98abfa465be35c8fe21a418bd1ded2f7f9efca7ae

  • SHA512

    844ea15fd8f990eca55124eb2fd692ebfd19902e20b723e0676229696fb08b79603c7d0bfeff22242313dfb18146144ad59e1fca4c7a5d9deef3e75f56cc3edb

  • SSDEEP

    6144:Zcm7ImGddX4S8cm7ImGddEJcm7ImGddXRS8E91cm7IFbYLcm7ImGdga1n:j7Tcov7TcQ7TchI7l7Tba1n

Targets

    • Target

      b7ae0f08e278302905b3d3c98abfa465be35c8fe21a418bd1ded2f7f9efca7ae

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or with a modified UPX build.
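
The two UPX signatures above (UPX packed file, UPX dump on OEP) correspond to checks an analyst can reproduce by hand. The Python below is an added example, not the sandbox's detection rule and not code from this report: it parses a PE section table, flags the UPX0/UPX1 section names and the "UPX!" header marker a stock UPX build leaves behind, falls back to the layout a modified build cannot hide (an empty first section reserved for the unpacked image, followed by a high-entropy payload; the 7.0 bits/byte threshold is an assumption), and resolves the target of the stub's final popad; jmp, which is the address at which a dump on OEP is taken. The three sample images are constructed inside the block for offline use; none of them is the analysed file, and the stub-tail pattern is the classic x86 one, so a reworked stub yields no OEP hint.

```python
"""Heuristics behind the 'UPX packed file' and 'UPX dump on OEP' signatures.
Added example with constructed samples; not the sandbox's own rule."""
import math
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
ENTROPY_THRESHOLD = 7.0  # assumed: compressed payload sits near 8 bits/byte


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(b) for b in set(data)))


def parse_pe(pe: bytes) -> dict:
    """Read just the PE32/PE32+ fields needed: ImageBase, entry RVA, sections."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]
    if magic == 0x20B:  # PE32+: 64-bit ImageBase at optional-header offset 24
        image_base = struct.unpack_from("<Q", pe, opt + 24)[0]
    else:               # PE32: 32-bit ImageBase at optional-header offset 28
        image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    sections = []
    for i in range(num_sections):
        off = opt + size_opt + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        sections.append({"name": name, "va": va, "vsize": vsize,
                         "data": pe[raw_ptr:raw_ptr + raw_size]})
    return {"image_base": image_base, "entry_rva": entry_rva, "sections": sections}


def upx_oep_hint(info: dict):
    """Resolve the stub's final 'popad; jmp rel32' (61 E9 xx xx xx xx) to a VA.
    The dump on OEP is taken when execution reaches that target. Assumed x86
    stub layout; a modified tail returns None instead of a wrong address."""
    for s in info["sections"]:
        if s["va"] <= info["entry_rva"] < s["va"] + max(s["vsize"], len(s["data"])):
            idx = s["data"].rfind(b"\x61\xe9")
            if idx < 0 or idx + 6 > len(s["data"]):
                return None
            rel32 = struct.unpack_from("<i", s["data"], idx + 2)[0]
            jmp_rva = s["va"] + idx + 1          # RVA of the E9 opcode itself
            return info["image_base"] + jmp_rva + 5 + rel32
    return None


def detect_upx(pe: bytes) -> dict:
    info = parse_pe(pe)
    sections = info["sections"]
    reasons = []
    hits = {s["name"] for s in sections} & UPX_SECTION_NAMES
    if hits:
        reasons.append("UPX section names: " + ", ".join(sorted(hits)))
    if b"UPX!" in pe:
        reasons.append("'UPX!' packer header marker present")
    # Modified builds rename sections and strip the marker, so also check the
    # layout itself: empty first section, then a high-entropy compressed payload.
    if len(sections) >= 2 and not sections[0]["data"] and sections[0]["vsize"]:
        ent = shannon_entropy(sections[1]["data"])
        if ent > ENTROPY_THRESHOLD:
            reasons.append(f"empty first section then {ent:.2f} bits/byte payload")
    return {"packed": bool(reasons), "reasons": reasons, "oep_hint": upx_oep_hint(info)}


def build_pe(sections, entry_rva, image_base=0x400000, marker=b""):
    """Constructed minimal PE32 image for offline testing (not a real sample)."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<I", opt, 28, image_base)
    table, blobs = bytearray(), bytearray()
    raw_ptr = 0x40 + 4 + 20 + len(opt) + 40 * len(sections) + len(marker)
    for name, va, vsize, data in sections:
        table += name.encode().ljust(8, b"\0")
        table += struct.pack("<IIII", vsize, va, len(data), raw_ptr if data else 0)
        table += bytes(16)
        blobs += data
        raw_ptr += len(data)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    return (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
            + coff + bytes(opt) + bytes(table) + marker + bytes(blobs))


# Constructed samples: synthetic layouts, not bytes from the analysed file.
_PAYLOAD = bytes(range(256)) * 4                  # stands in for compressed data
_ENTRY = 0x11000 + len(_PAYLOAD)                  # stub starts right after it
# tail: popad; jmp to RVA 0x1000 in the first section (rel32 from the next insn)
_STUB_TAIL = b"\x61\xe9" + struct.pack("<i", 0x1000 - (_ENTRY + 1 + 5))
VANILLA_UPX = build_pe([("UPX0", 0x1000, 0x10000, b""),
                        ("UPX1", 0x11000, 0x2000, _PAYLOAD + _STUB_TAIL),
                        (".rsrc", 0x13000, 0x1000, bytes(64))], _ENTRY, marker=b"UPX!")
MODIFIED_UPX = build_pe([(".text", 0x1000, 0x10000, b""),
                         (".data", 0x11000, 0x2000, _PAYLOAD + _STUB_TAIL)], _ENTRY)
PLAIN_EXE = build_pe([(".text", 0x1000, 0x200, b"\x90" * 512),
                      (".data", 0x2000, 0x100, bytes(64))], 0x1000)

if __name__ == "__main__":
    for label, img in (("vanilla", VANILLA_UPX), ("modified", MODIFIED_UPX), ("plain", PLAIN_EXE)):
        r = detect_upx(img)
        print(label, r["packed"], r["reasons"], hex(r["oep_hint"]) if r["oep_hint"] else None)
```

Run it as a script to see the three verdicts: the stock layout trips all three checks and resolves the OEP to 0x401000, the renamed build is caught only by the empty-section plus entropy check but still yields the same OEP, and the plain executable is clean. On a real sample, treat the OEP hint as a starting point for the debugger breakpoint rather than a guarantee; the sandbox's own dump is taken at runtime and does not depend on this pattern.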
