General

  • Target

    f819d406865c68179979111626e603ccbf86a51b5a6e0cb7e1afe7e4a71bbd6f

  • Size

    361KB

  • Sample

    240518-fs38zadb8x

  • MD5

    94ffb1856bdb1d5b07a42d0c23d50aa7

  • SHA1

    027f3797822d0850ea7bcaa3350837c121a3a483

  • SHA256

    f819d406865c68179979111626e603ccbf86a51b5a6e0cb7e1afe7e4a71bbd6f

  • SHA512

    d432c7b86b3564080dc6bcaa306a98267a539ea16d0db962e0068c6c6f33ad5bb0f9f8883750c55d5dea9e3ad63040e0d7daddc8c6d6f41e1e4ce758901dbe29

  • SSDEEP

    6144:n3C9BRIG0asYFm71m8+GdkB9yMu7N+8px7t:n3C9uYA71kSMu08px7t

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified version of it.

MITRE ATT&CK Matrix

Tasks