General

  • Target

    e4bf7a8d4c3e0aab39a32c2398082a94dacfd67bbd23bb9c6d7842cd023d2d45

  • Size

    313KB

  • Sample

    240604-e1qr6sch8z

  • MD5

    25b05699cbd7d41d71d8019781536cf4

  • SHA1

    726585b933b77b6f3d39715c6c6697287aecf2b6

  • SHA256

    e4bf7a8d4c3e0aab39a32c2398082a94dacfd67bbd23bb9c6d7842cd023d2d45

  • SHA512

    df6e4db7f5945464b5fa807d2e78d60e7a9a1a8f495ca572c6c1dcdbb7c57fbc1627e30933ddb6352879729ecd566305a90e5aa9bd8a2e42664462c5c31b8d74

  • SSDEEP

    6144:n3C9BRo/AIX2h97aUzpbBj3+b2ziJC39QS8hDJd+Q7ZLbjwc:n3C9uDC97aUFbZ42ziM39QS8hDJd+Q79

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
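
The signatures above (a UPX-packed file, a dump taken at the original entry point once the stub has unpacked) rest on a few static properties of the PE layout. The script below is an added example, not code from the sandbox or the report: it recomputes the hashes a report keys on and applies the UPX heuristics to a PE section table using only the Python standard library. The two PE images it builds (`PACKED_SAMPLE`, `PLAIN_SAMPLE`), the stub bytes and the `build_pe` helper are constructed for the demonstration and are not the 313KB sample listed above; the 7.0-bit entropy threshold is an assumed cut-off.

```python
"""Static triage for a PE sample: the hashes a sandbox report lists, plus the
UPX heuristics behind signatures such as "UPX packed file". Stdlib only.
The two PE images at the bottom are constructed in memory for this example;
they are not the sample from the report."""
import hashlib
import math
import struct

REPORT_SHA256 = "e4bf7a8d4c3e0aab39a32c2398082a94dacfd67bbd23bb9c6d7842cd023d2d45"
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes
FILE_ALIGN, SECT_ALIGN = 0x200, 0x1000


def file_hashes(data: bytes) -> dict:
    """The identifiers a report keys on; compare them against an IOC list."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: near 0 for padding, near 8 for compressed or encrypted data."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    opt_off = e_lfanew + 24
    (entry_rva,) = struct.unpack_from("<I", data, opt_off + 16)  # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, raw_size, raw_ptr, *_ = SECTION_HDR.unpack_from(
            data, opt_off + opt_size + i * SECTION_HDR.size)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize,
                         "vaddr": vaddr, "raw_size": raw_size, "entropy": shannon_entropy(raw)})
    return {"entry_rva": entry_rva, "sections": sections}


def detect_upx(data: bytes) -> dict:
    """Name-based verdict (what the sandbox signature reports) plus a name-agnostic one."""
    pe = parse_pe(data)
    secs = pe["sections"]
    ep = next((s for s in secs if s["vaddr"] <= pe["entry_rva"]
               < s["vaddr"] + max(s["vsize"], s["raw_size"])), None)
    # Stock UPX layout: UPX0 is an empty destination (large VirtualSize, no raw
    # data) and the stub at the entry point sits at the tail of high-entropy UPX1.
    has_names = any(s["name"] in UPX_SECTION_NAMES for s in secs)
    empty_dest = any(s["raw_size"] == 0 and s["vsize"] >= SECT_ALIGN for s in secs)
    ep_entropy = ep["entropy"] if ep else 0.0
    return {
        "entry_section": ep["name"] if ep else None,
        "entry_entropy": round(ep_entropy, 2),
        "packed_upx": has_names and ep is not None and ep["name"] == "UPX1" and empty_dest,
        "packed_layout": empty_dest and ep_entropy > 7.0,  # survives renamed sections
    }


def _align(n: int, a: int) -> int:
    return (n + a - 1) // a * a


def build_pe(sections, entry_rva: int) -> bytes:
    """Minimal PE32 image from (name, virtual_size, raw_bytes) tuples; test input only."""
    n, opt_size = len(sections), 0xE0
    raw_ptr = _align(64 + 24 + opt_size + n * SECTION_HDR.size, FILE_ALIGN)
    vaddr, hdrs, raws = SECT_ALIGN, b"", b""
    for name, vsize, raw in sections:
        raw_size = _align(len(raw), FILE_ALIGN)
        hdrs += SECTION_HDR.pack(name.encode().ljust(8, b"\0"), vsize, vaddr, raw_size,
                                 raw_ptr if raw_size else 0, 0, 0, 0, 0, 0xE0000060)
        raws += raw.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        vaddr += _align(max(vsize, raw_size), SECT_ALIGN)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)        # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    img = dos + b"PE\0\0" + coff + bytes(opt) + hdrs
    return img.ljust(_align(len(img), FILE_ALIGN), b"\0") + raws


def _dense_bytes(n: int, seed: bytes = b"constructed-upx1") -> bytes:
    """Deterministic high-entropy filler standing in for compressed code."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed samples: a UPX-style layout and an ordinary unpacked layout.
UPX_STUB = b"\x60\xbe\x00\x90\x40\x00\x8d\xbe\x00\x80\xff\xff\x57\x83\xcd\xff"  # pushad; mov esi, ...
PACKED_SAMPLE = build_pe(
    [("UPX0", 0x8000, b""),
     ("UPX1", 0x1000, _dense_bytes(0x1000 - len(UPX_STUB)) + UPX_STUB),
     (".rsrc", 0x100, b"RSRC" * 16)],
    entry_rva=0x9000 + 0x1000 - len(UPX_STUB))
PLAIN_SAMPLE = build_pe(
    [(".text", 0x200, b"\x55\x8b\xec\x83\xec\x10" * 50),
     (".data", 0x100, b"Hello, banker\0"),
     (".rsrc", 0x100, b"RSRC" * 16)],
    entry_rva=0x1000)

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        h = file_hashes(blob)
        hit = "IOC hit" if h["sha256"] == REPORT_SHA256 else "no IOC hit"
        print(label, h["sha256"], hit, detect_upx(blob))
```

Run the script on a real file by replacing the constructed images with `open(path, "rb").read()`. The name-based verdict reproduces what a "UPX packed file" signature says; the layout-based one keeps firing when an operator renames the sections, which is the cheap evasion a pure name match misses. For the "dump on OEP" step, the same section table tells you where the stub's final jump lands: it is into the UPX0 range, which is empty on disk and only populated in memory.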

Tasks