General

  • Target

    fb269054c9b12e9b01c8aa8e73341c496e1e6095e69119d8005de121de65d8ad

  • Size

    361KB

  • Sample

    240518-fyvh1sdd8x

  • MD5

    6e9d92d537fc3a75397fea35bbe2144e

  • SHA1

    0866ab2ab0a5c4a06dca5c625836a6ddd03acc08

  • SHA256

    fb269054c9b12e9b01c8aa8e73341c496e1e6095e69119d8005de121de65d8ad

  • SHA512

    6d63011b38cf16a79ca17d2cb9fe76e97e78986885918fb9ef1ec9f029c7aa9879693e0f38dabf819e86efb6d1540a9a58bd152e1b172052a33caa66f849b431

  • SSDEEP

    6144:n3C9BRIG0asYFm71m8+GdkB9yMu7N+8px7o:n3C9uYA71kSMu08px7o

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
