General

  • Target

    1d8db73d352bdece316df0f381ccf74bfc9998789b68d311b348c37197f68f36

  • Size

    76KB

  • Sample

    240524-x3p8jage69

  • MD5

    803cccb715ccf18e0804751fe6d15406

  • SHA1

    0a4c38c1f0f4f5b0a4e489c78eecec9283197cbd

  • SHA256

    1d8db73d352bdece316df0f381ccf74bfc9998789b68d311b348c37197f68f36

  • SHA512

    1b00a11c9e04fca68ff1063bb9495081d10005498cfec9b9e77ee6d648bbeeb1a799f6c98d93c29874711594d45036b41d6d87c90b0832a7488194743634a4ee

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrAw:ymb3NkkiQ3mdBjFIIp9L9QrrAw

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks