General

  • Target

    d7e9bc14451db88c7b6f6dd4d95a07e35bcda8b790560c40a771052855a9c36c

  • Size

    93KB

  • Sample

    240518-ebl3paae7y

  • MD5

    1494f69e2047eee2296d84b01406cec2

  • SHA1

    5449dc0fed0068668f3d5aeadb752c4c06a5309a

  • SHA256

    d7e9bc14451db88c7b6f6dd4d95a07e35bcda8b790560c40a771052855a9c36c

  • SHA512

    76f1dfd0f908a215d5477932be4d900732588f3de8ae18ba35fcf54759d9690fa89aa4c04addbda7d668f1130854636f1c74041ecee942b5e5fae4031073ffb1

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLuePjDYlR3hnjKXIQSe9oEJ:ymb3NkkiQ3mdBjFoLucjDilOZho6

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks