General

  • Target

    dda15f82aadc4edac833dd32fd66d2b9dac10a34e21b918c4d8d937b01a836e6

  • Size

    67KB

  • Sample

    240528-edasfadf61

  • MD5

    a80e634de8e51a464fd354299098f1fd

  • SHA1

    494417d36dfe792e50f0bdd44dac8cbc528d61a5

  • SHA256

    dda15f82aadc4edac833dd32fd66d2b9dac10a34e21b918c4d8d937b01a836e6

  • SHA512

    58e5bdfce3dc88e5b0efbda676b515ae4c881d077abdf8175934444464638a70278ea6ce162b0ad1a82c27f700b22e93038bff6478efc966c120cc34c06f2907

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIu:ymb3NkkiQ3mdBjFIFdJ8bG

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
