General
-
Target
db7b1aee833461841fa12e0fbcf6a9d4a0d0d4345831c000b686cab63ea570ee
-
Size
11.8MB
-
Sample
240521-ldymtsgc7z
-
MD5
ebc646cbb3d02b21472aa13efdd4e344
-
SHA1
6d011b7dc10c644d6c5d85132dd091743a178409
-
SHA256
db7b1aee833461841fa12e0fbcf6a9d4a0d0d4345831c000b686cab63ea570ee
-
SHA512
e09276812716f369ac02403493f9a60215f0f9d0ac19206681740243dc040c7868c5ceb9570c1459173a5ff2213b846034ec82145ef5d52b28d252aff65e6906
-
SSDEEP
196608:qIJ6eA5cPmiRqfk0ScX/eBDv+cRc7A4Yn7WILy+aEkcGXe6bqmOIhJZEFIxgabSR:qf1xAcX/Or/M07neRJXe6basrSsgabI
Malware Config
Targets
-
-
Target
db7b1aee833461841fa12e0fbcf6a9d4a0d0d4345831c000b686cab63ea570ee
-
Size
11.8MB
-
MD5
ebc646cbb3d02b21472aa13efdd4e344
-
SHA1
6d011b7dc10c644d6c5d85132dd091743a178409
-
SHA256
db7b1aee833461841fa12e0fbcf6a9d4a0d0d4345831c000b686cab63ea570ee
-
SHA512
e09276812716f369ac02403493f9a60215f0f9d0ac19206681740243dc040c7868c5ceb9570c1459173a5ff2213b846034ec82145ef5d52b28d252aff65e6906
-
SSDEEP
196608:qIJ6eA5cPmiRqfk0ScX/eBDv+cRc7A4Yn7WILy+aEkcGXe6bqmOIhJZEFIxgabSR:qf1xAcX/Or/M07neRJXe6basrSsgabI
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Sets desktop wallpaper using registry
-
Suspicious use of SetThreadContext
-