General

  • Target

    fb98608fe28128f76295220f9b50fe2643448616bb80e07c69662bf699ed4727

  • Size

    55KB

  • Sample

    240518-fzse2sde3y

  • MD5

    1ebfd427d4a453792af04c27a3da0512

  • SHA1

    55371dae8747c43955df9ce101c41cb9017d0535

  • SHA256

    fb98608fe28128f76295220f9b50fe2643448616bb80e07c69662bf699ed4727

  • SHA512

    90d7c9111f0f224795feb7a1e8515d00f1e5c23d474e87ee863142973e30f0e2f015361f0fc6a13a7e17453860040ac7edd63184c5c301c9b9cb8125e975ddcd

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfEVH:ymb3NkkiQ3mdBjFIO

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
