General

  • Target

    9d2b6a5699dc24c7f0ece2ddded7111ae313166970e4ddf6061a700a69f87d21

  • Size

    82KB

  • Sample

    240525-bqfmnshg77

  • MD5

    6f06c39347bc945671eb2a41db567c07

  • SHA1

    0e6b4e0b88f8a92e607d5afa9b9e5cd877507899

  • SHA256

    9d2b6a5699dc24c7f0ece2ddded7111ae313166970e4ddf6061a700a69f87d21

  • SHA512

    bdfe21808c65b4b0a37312ef6acb19ecc959e6cba3695463e1a5eec44ace7a7a07f2f462315e73b6827528a135f05ab37b1f9848b0345f4ba0e6ee07e4cfa136

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JkZPsv7B:ymb3NkkiQ3mdBjFIWeFGyA9Pq

Malware Config

Targets

    • Target

      9d2b6a5699dc24c7f0ece2ddded7111ae313166970e4ddf6061a700a69f87d21

    • Size

      82KB

    • MD5

      6f06c39347bc945671eb2a41db567c07

    • SHA1

      0e6b4e0b88f8a92e607d5afa9b9e5cd877507899

    • SHA256

      9d2b6a5699dc24c7f0ece2ddded7111ae313166970e4ddf6061a700a69f87d21

    • SHA512

      bdfe21808c65b4b0a37312ef6acb19ecc959e6cba3695463e1a5eec44ace7a7a07f2f462315e73b6827528a135f05ab37b1f9848b0345f4ba0e6ee07e4cfa136

    • SSDEEP

      1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JkZPsv7B:ymb3NkkiQ3mdBjFIWeFGyA9Pq

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks