General

  • Target

    50bd4a2cfbc18cad5904b78b60b86de8476cdbdb0c31b3f37ca9dc3ead3b9b42

  • Size

    388KB

  • Sample

    240605-2q2s1sca56

  • MD5

    dbb742b9fb31d919cc675d0bd19a365c

  • SHA1

    05f68d7562f8d98de5f3bb5e4159acc446c6996b

  • SHA256

    50bd4a2cfbc18cad5904b78b60b86de8476cdbdb0c31b3f37ca9dc3ead3b9b42

  • SHA512

    74b633730d3069280ce7588a36d51bff7a4b49c83fccd521ce12e041f123138479c6aab926da4218273640a066af5ffe1afd89d7cdc7d744e156c8902b1682a5

  • SSDEEP

    6144:n3C9BRo7tvnJ9oH0IRgZvjkKoA+0oD/BBT7bR:n3C9ytvngQjA/fT7bR

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
