General

  • Target

    d7fef5c1f77aada2389174feb94c2cebcd0466b07148c8f5ea9e1ac50014dc25

  • Size

    11.2MB

  • Sample

    240523-f5bpgsfb65

  • MD5

    e25b344940a9a24c6902029cac4f2198

  • SHA1

    2a8644b9271c07e13879baa19ec6de6cd126b44b

  • SHA256

    d7fef5c1f77aada2389174feb94c2cebcd0466b07148c8f5ea9e1ac50014dc25

  • SHA512

    afb4cf8c8a590fde3e3ed43323e13c31ea2d49915f30a0f50cc8c07964fe6711341af2e934ec820b236c7e9d77b59c53a9e4a5304df2b0592cc62f1491584a39

  • SSDEEP

    196608:PYPDPyJZkHkNcwyi465hb5zqU2I9h655XqzduMaVW5ckj0Ryl/h80Jki:gPDPgkHkmE555eU7R+w44h80Wi

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 2

Tasks