General

  • Target

    7cfb7138be4950b3cbe5df14e77c5f2dfc41ddc856c3354ad5d121ea2441afc7

  • Size

    9.5MB

  • Sample

    240524-qaccmsee55

  • MD5

    84d7cbb723c1ba711b069377f4b54b8b

  • SHA1

    0bfa62d923644a537649b34b832b6a3ceeb9333c

  • SHA256

    7cfb7138be4950b3cbe5df14e77c5f2dfc41ddc856c3354ad5d121ea2441afc7

  • SHA512

    7950226be8800beddda43e43613711fb5f37233af41a0ff3fbaa592c1905052c51f719d293e844246fed4918151d7b6886c1868d03513bcedefebde230330d4b

  • SSDEEP

    196608:ZILJcDKlFBqkwDxURK8vyqByLdlf3hRQIgLKNc:ZgODKlFBqHayOclfhRQIG2c

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Credential Access

    Unsecured Credentials: T1552 (1)
    Credentials In Files: T1552.001 (1)

  • Discovery

    System Information Discovery: T1082 (1)

  • Collection

    Data from Local System: T1005 (1)

Tasks