General

  • Target

    f3365f33038efa31e4918ea6cb027293622e58fe8c347a4cef79a3e01db9d0ad

  • Size

    94KB

  • Sample

    240518-fklc7acg41

  • MD5

    7007585aad410997283a16658cc8299e

  • SHA1

    73dd1c25c2472cbb556e1bc85e97ca6d7dfb9850

  • SHA256

    f3365f33038efa31e4918ea6cb027293622e58fe8c347a4cef79a3e01db9d0ad

  • SHA512

    df6edddccf9fed72a9324591bf9fac6917713d629619cfd24df56c1e2f42ccd4085d2e5acf9edd5b5466926706bfbe49af70abdc09ab05d4e52b5ec122a3a6fc

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxEPOfPrAU:ymb3NkkiQ3mdBjFo73PYP1lri3KuOnr7

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX or a modified UPX open-source packer.
