General

  • Target

    f8b506c40823b56219f54ef333dc5abdfa8de7f355841d8e2fc8674e8cf64e1d

  • Size

    55KB

  • Sample

    240518-ft5hesdc4s

  • MD5

    bd9c1fa7f1bad17e0e33f5c7606c3e86

  • SHA1

    25348f91f41e59e4fec564c941bac1c808be830c

  • SHA256

    f8b506c40823b56219f54ef333dc5abdfa8de7f355841d8e2fc8674e8cf64e1d

  • SHA512

    77ec570acdad817aba46eb578ea6e522d2eb5a7f89299f6a049a18cc551f93506d4f5da4bc9ec892028337bfc51cc01b14b49d4c3a006bc58d70731aa5cfc73e

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chVVr:ymb3NkkiQ3mdBjF0crVr

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks