General

  • Target

    feb5a719d5e11bcfde3cdf73cb0a2287de5859176fde10825c0e5c862923787c

  • Size

    480KB

  • Sample

    240518-f5584adg82

  • MD5

    a8c4ef6a0a27eed394ae740dc40a95b8

  • SHA1

    88dc1f80c2a8a2e94b277b012dcec476ef4e7d82

  • SHA256

    feb5a719d5e11bcfde3cdf73cb0a2287de5859176fde10825c0e5c862923787c

  • SHA512

    2678efc8da25866790b1cdc6c61ec734f8e10cf9ffc950ac24c93b6c8c89cdd4f2eac1b4b8c95f4a38aa63aba24979cd79db2baeeb19978edce81b72e7a43e06

  • SSDEEP

    12288:n3C9uDVw6326pKZ9asZqoZHz+evcn0Meh2Fezu:Su326p0aroZt0su

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
