General

  • Target

    b8f60ba35283c645df2c1d1bbae97668ed979213c75fff28a0dc439d1f15ffec

  • Size

    258KB

  • Sample

    240518-cwvt8aga29

  • MD5

    0663390f7b493342f856381562b16488

  • SHA1

    4305b3bc6015314f6b8d7802d390d51947ce7a5b

  • SHA256

    b8f60ba35283c645df2c1d1bbae97668ed979213c75fff28a0dc439d1f15ffec

  • SHA512

    a8a811c171ba6d716548ac67afb74737e6f7574ccbf2f638d4be696d67dadf5c5be66d02076b84148f5044b23922d15abf14f1ad007eaa0bcaa9b2e77c8d5cc1

  • SSDEEP

    3072:ymb3NkkiQ3mdBjFo73tvn+Yp9FrHSwh/c/hdTWG4lmb37K3BoKLbCZ0w:n3C9BRo7tvnJ9Fywhk/T4i37K3BoKg0w

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
