General

  • Target

    f20519a9c8f70f3e78a1ef5c8a7cedf6dd22ba5776fff8f195a3b85ba645b8f1

  • Size

    247KB

  • Sample

    240527-ezblvsha22

  • MD5

    64faf630f2df173f8bc440f5db9f7d72

  • SHA1

    db21c91b016f48ef9c2cb6edad8ec2feae322eea

  • SHA256

    f20519a9c8f70f3e78a1ef5c8a7cedf6dd22ba5776fff8f195a3b85ba645b8f1

  • SHA512

    89645a481e32cd947517fa54630185aa6f05ed690fef53d68fcc89c5e17202165e9e29b13e9c13367666a8b5e7812fff1be60d5001e9fe56b298b80a3600134c

  • SSDEEP

    3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4MAWvGjR17:n3C9BRo7MlrWKo+lxtvGt17

Malware Config

Targets

    • Target

      f20519a9c8f70f3e78a1ef5c8a7cedf6dd22ba5776fff8f195a3b85ba645b8f1

    • Size

      247KB

    • MD5

      64faf630f2df173f8bc440f5db9f7d72

    • SHA1

      db21c91b016f48ef9c2cb6edad8ec2feae322eea

    • SHA256

      f20519a9c8f70f3e78a1ef5c8a7cedf6dd22ba5776fff8f195a3b85ba645b8f1

    • SHA512

      89645a481e32cd947517fa54630185aa6f05ed690fef53d68fcc89c5e17202165e9e29b13e9c13367666a8b5e7812fff1be60d5001e9fe56b298b80a3600134c

    • SSDEEP

      3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4MAWvGjR17:n3C9BRo7MlrWKo+lxtvGt17

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks