General

  • Target

    67c9741b13a255ffdfa10eff8d1d658fb733306ba6a3280216390cb01c2d188f

  • Size

    585KB

  • Sample

    240605-3yq7xsdb65

  • MD5

    17b8d93357a860fb1cb91fba78b9c55a

  • SHA1

    3a9c7d7696911726d4f6c91c83cc8ab9f10b7a3b

  • SHA256

    67c9741b13a255ffdfa10eff8d1d658fb733306ba6a3280216390cb01c2d188f

  • SHA512

    972117e06bc6773d14581daa5db678b12bc6e445cbd2f8fd0129d71e7da2fc2a8e2770bc914e7d19fcd74cfea990ae474db0b51f164339f18bea78f0a6df676c

  • SSDEEP

    12288:n3C9ytvngQjuPh2kkkkK4kXkkkkkkkkl888888888888888888nusMH0QiZE:SgdnJKPh2kkkkK4kXkkkkkkkkJE

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
