General

  • Target

    f4a617a6de87573c87aa0c5395d37d48163e7e9f9d6fdc9d683340da6784a7b7

  • Size

    66KB

  • Sample

    240518-fnc6zsda33

  • MD5

    ba2c6cca0c5e0fbaad97bf08f137c473

  • SHA1

    5fbfa571fbdd03613a4c0e10b719491ea3f5efc0

  • SHA256

    f4a617a6de87573c87aa0c5395d37d48163e7e9f9d6fdc9d683340da6784a7b7

  • SHA512

    179944c860ce92e7d5b1a45369b8739f652738c4009f3b2bbdb97751eea08b1b85a85e46fe344ea389e73b257645d8a2b632123c689324fe4d31719eb06e078f

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAI7:ymb3NkkiQ3mdBjFIFdJ8bZ

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
