General

  • Target

    fede01fe86aa22f84bce318f70f2850e08558750e34d08712f1f964bcb639ccb

  • Size

    253KB

  • Sample

    240518-f6lk3sdg94

  • MD5

    7e0a01d5ae6dddf81897cef41d3398e9

  • SHA1

    daf84d08e7aae8f6fac7e2d9e65de40c7f4e86d5

  • SHA256

    fede01fe86aa22f84bce318f70f2850e08558750e34d08712f1f964bcb639ccb

  • SHA512

    6e2ccef6c8d181ab8f73802b157f9a12ca41fddca2bae21591b64b4e197495dd3f34e40f982d24b5ecb6c30befbbdb6cd6a73e43db6a89e3998d07c48963d9c9

  • SSDEEP

    3072:chOmTsF93UYfwC6GIoutieyhC2lbgGi5yLpcgDE4JBuItR8pTsgZ9WT4iaz+THke:ccm4FmowdHoSi9EIBftapTs4WZazeE8Z

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
