General

  • Target

    fdaac15860b9950f23c5a5a30802b0116d3bf062cab751740a3f5ed8a527e12b

  • Size

    521KB

  • Sample

    240518-f31wladf6t

  • MD5

    a354a17b94c97c9de26db22d5029cd4f

  • SHA1

    7f00b4a1d391dabe541b4abfb576a21e11c3a501

  • SHA256

    fdaac15860b9950f23c5a5a30802b0116d3bf062cab751740a3f5ed8a527e12b

  • SHA512

    d4208966c9b337eeebcba6d54e3ae635abd483fc8265e6aefa15a4a6e78f3d22df886d7501d412acc14eb021690d2db7cf9d073392da0576d9a33011f40aa8f9

  • SSDEEP

    6144:8cm7ImGddXmNt251UriZFwfsDX2CfNnkymTwaJ3o89H34:q7Tc2NYHUrAwfMHNnpls489I

Targets

    • Target

      fdaac15860b9950f23c5a5a30802b0116d3bf062cab751740a3f5ed8a527e12b

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
