General

  • Target

    b8884fc1722eb0b641ead97429cfa6be02d7b161906dd37df34150b6181dbb44

  • Size

    160KB

  • Sample

    240518-cwgbtsfh8w

  • MD5

    2eae08c2d12b1d9ecff4f59fc712d47a

  • SHA1

    33d8468986bfa0bc5c4851f75cc7d382fb8a900a

  • SHA256

    b8884fc1722eb0b641ead97429cfa6be02d7b161906dd37df34150b6181dbb44

  • SHA512

    0cac4fe7288cad4a4c330fb6f8adeae6e3ebc04d502fa65c6bcec14e20068e9b285552a9c7e9338edc9b3810294ecbd24b7ecb2dc5105c2765d13cf7e4e6c84b

  • SSDEEP

    3072:xhOmTsF93UYfwC6GIout0fmCiiiXAQ5lpBoGYwNNhu0CzhKPDNuBS4:xcm4FmowdHoSgWrXF5lpKGYV0wh6D94

Malware Config

Targets

    • Target

      b8884fc1722eb0b641ead97429cfa6be02d7b161906dd37df34150b6181dbb44

    • Size

      160KB

    • MD5

      2eae08c2d12b1d9ecff4f59fc712d47a

    • SHA1

      33d8468986bfa0bc5c4851f75cc7d382fb8a900a

    • SHA256

      b8884fc1722eb0b641ead97429cfa6be02d7b161906dd37df34150b6181dbb44

    • SHA512

      0cac4fe7288cad4a4c330fb6f8adeae6e3ebc04d502fa65c6bcec14e20068e9b285552a9c7e9338edc9b3810294ecbd24b7ecb2dc5105c2765d13cf7e4e6c84b

    • SSDEEP

      3072:xhOmTsF93UYfwC6GIout0fmCiiiXAQ5lpBoGYwNNhu0CzhKPDNuBS4:xcm4FmowdHoSgWrXF5lpKGYV0wh6D94

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks