General

  • Target

    b94435cc0c72b80d77de4abc6b9c1592e1317fae3475eb1e68ae2978dfad95d0

  • Size

    134KB

  • Sample

    240518-cxa67sga4t

  • MD5

    2897347970d16bcbec6b518580c7064b

  • SHA1

    561fa2fc2027a88adea51ab3be24eac3310774a3

  • SHA256

    b94435cc0c72b80d77de4abc6b9c1592e1317fae3475eb1e68ae2978dfad95d0

  • SHA512

    758c23d36c0e3957d5dfd8bfa4ecbee0e91b6399432520248825a2bd440cca9ef91ac740e06e5b0150387b4bf1cb0ab1b46814f98f04c81d931322a1d87cb818

  • SSDEEP

    3072:ymb3NkkiQ3mdBjFWXkj7afoHVpx+dGorO:n3C9BRW0j/1px+dG1

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
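
The "UPX packed file" and "UPX dump on OEP" signatures above rest on the static layout UPX leaves in a PE: an empty UPX0 section that becomes the unpack destination, a high-entropy UPX1 section holding the compressed image, and the "UPX!" pack-header magic. The script below is an added example, not the sandbox's own rule logic and not code from this sample; it implements those indicators with a minimal PE section-table parser and shows why a modified UPX build (sections renamed, magic patched out) still trips the layout check even when the name and marker checks miss. The heuristics, thresholds and the three synthetic PE images are assumptions constructed here for illustration.

```python
"""Static UPX-packing check for PE files. Added example, not the report's own detection logic."""
import hashlib
import math
import struct
from collections import namedtuple

Section = namedtuple("Section", "name virtual_size virtual_address raw_size raw_offset")


def parse_sections(data: bytes) -> list:
    """Minimal PE section-table walk: MZ -> e_lfanew -> PE -> COFF -> section headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional
    sections = []
    for i in range(num_sections):
        f = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append(Section(f[0].rstrip(b"\x00").decode("latin-1"), f[1], f[2], f[3], f[4]))
    return sections


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data: bytes) -> dict:
    sections = parse_sections(data)
    first = sections[0] if sections else None
    return {
        # Stock UPX names its sections UPX0/UPX1; modified builds usually rename them.
        "upx_section_names": [s.name for s in sections if s.name.upper().startswith("UPX")],
        # The "UPX!" pack-header magic is the other thing modified builds patch out.
        "upx_marker": b"UPX!" in data,
        # UPX0 is the unpack destination: large VirtualSize, zero bytes on disk.
        "empty_first_section": bool(first and first.raw_size == 0 and first.virtual_size > 0),
        # UPX1 holds the compressed image, so its on-disk bytes are near-maximal entropy.
        "high_entropy_sections": [
            s.name for s in sections
            if s.raw_size and shannon_entropy(data[s.raw_offset:s.raw_offset + s.raw_size]) > 7.0],
    }


def looks_upx_packed(data: bytes) -> bool:
    """Names or magic alone are enough; otherwise require the UPX0/UPX1 layout signature."""
    ind = upx_indicators(data)
    return bool(ind["upx_section_names"] or ind["upx_marker"]
                or (ind["empty_first_section"] and ind["high_entropy_sections"]))


# --- constructed test inputs (synthetic PE images, not the analysed sample) ---
def _filler(n: int) -> bytes:
    """Deterministic high-entropy bytes standing in for compressed data."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(n // 32 + 1))
    return out[:n]


def build_pe(specs) -> bytes:
    """Build a minimal PE32 from (name, virtual_size, raw_bytes) tuples; headers padded to 0x200."""
    opt_size, align = 0xE0, 0x200
    hdr_end = -(-(0x40 + 4 + 20 + opt_size + 40 * len(specs)) // align) * align
    out = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
    out += struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, opt_size, 0x0102)
    out += struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)
    raw_ptr, vaddr, bodies = hdr_end, 0x1000, b""
    for name, vsize, raw in specs:
        out += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\x00"), vsize, vaddr, len(raw),
                           raw_ptr if raw else 0, 0, 0, 0, 0, 0xE0000020)
        bodies += raw
        raw_ptr += len(raw)
        vaddr += (max(vsize, len(raw), 1) + 0xFFF) & ~0xFFF
    return out + b"\x00" * (hdr_end - len(out)) + bodies


PACKED = build_pe([(b"UPX0", 0x20000, b""), (b"UPX1", 0x9000, b"UPX!" + _filler(0x1000)),
                   (b".rsrc", 0x1000, b"\x00" * 0x200)])
RENAMED = build_pe([(b".code0", 0x20000, b""), (b".code1", 0x9000, _filler(0x1000))])
PLAIN = build_pe([(b".text", 0x1000, b"\x90" * 0x100 + b"\xC3"), (b".data", 0x1000, b"A" * 0x200)])

if __name__ == "__main__":
    for label, blob in (("stock UPX", PACKED), ("renamed UPX", RENAMED), ("unpacked", PLAIN)):
        print(label, looks_upx_packed(blob), upx_indicators(blob))
```

Run it against a real file with `looks_upx_packed(open(path, "rb").read())`. Treat a hit as a triage signal, not proof: the entropy threshold also fires on other compressors and crypters, and a packer that fills UPX0 with junk on disk defeats the layout check, which is why the sandbox pairs the static signature with the runtime "dump on OEP" step rather than relying on either alone.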

MITRE ATT&CK Matrix

Tasks