General

  • Target

    1bbde95622d1514acca2ed576454c1d1770224b3531a270c1486d1bc5dbf027b

  • Size

    60KB

  • Sample

    240605-x8yrvsgd69

  • MD5

    85071d7a8e2eb7d1a1c1932bd9a7f0e6

  • SHA1

    73698dbfef4b2a0ebe32c23a053c58c71a1baa64

  • SHA256

    1bbde95622d1514acca2ed576454c1d1770224b3531a270c1486d1bc5dbf027b

  • SHA512

    dadcd31de02bce0a78c960e1484ada1a156f38f55c117a5cb225558e8d62686eb15414571b45d9c5354d29854ba08eae9e89930060ec000dcb9060b0f2e46859

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9LM:ymb3NkkiQ3mdBjFI9Q

Malware Config

Targets

    • Target

      1bbde95622d1514acca2ed576454c1d1770224b3531a270c1486d1bc5dbf027b

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the UPX open-source packer.
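The "UPX packed file" and "UPX dump on OEP" signatures above both rest on recognising a UPX layout statically before the sample is ever run. The following is an added example, not code from the sandbox or from the Blackmoon sample: it parses the PE section table, looks for the UPX0/UPX1/UPX2 section names and the "UPX!" header magic, and reports per-section entropy as a corroborating indicator. The PE images it checks are constructed in `build_sample_pe` (synthetic input, not the 60KB file described on this page), and the thresholds and section-name set are this example's own assumptions.

```python
import hashlib
import math
import struct
from typing import Dict, List

# Section names written by stock UPX; a modified UPX may rename them (assumption: stock names only).
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
UPX_MAGIC = b"UPX!"  # marker left in the packed header by stock UPX


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte; packed or encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> List[Dict]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]      # COFF NumberOfSections
    size_opt_hdr = struct.unpack_from("<H", data, coff + 16)[0]     # COFF SizeOfOptionalHeader
    table = coff + 20 + size_opt_hdr                                # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        name, _vsize, _va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw": data[rawptr:rawptr + rawsize],
        })
    return sections


def detect_upx(data: bytes) -> Dict:
    """Static UPX check: section names or header magic decide; entropy only corroborates."""
    secs = pe_sections(data)
    upx_names = [s["name"] for s in secs if s["name"] in UPX_SECTION_NAMES]
    has_magic = UPX_MAGIC in data
    max_entropy = max((shannon_entropy(s["raw"]) for s in secs), default=0.0)
    return {
        "sections": [s["name"] for s in secs],
        "upx_sections": upx_names,
        "upx_magic": has_magic,
        "max_section_entropy": round(max_entropy, 2),
        # A modified UPX can rename sections and strip the magic, so a negative
        # here is not a clean bill of health; high entropy alone is not a verdict either.
        "verdict": bool(upx_names) or has_magic,
    }


def build_sample_pe(packed: bool) -> bytes:
    """Construct a minimal PE with either UPX-style or ordinary sections (synthetic test input)."""
    if packed:
        payload, h = b"", b"seed"
        while len(payload) < 4096:            # deterministic high-entropy bytes standing in for packed code
            h = hashlib.sha256(h).digest()
            payload += h
        names = [(b"UPX0", b""), (b"UPX1", UPX_MAGIC + payload), (b".rsrc", b"\0" * 64)]
    else:
        names = [(b".text", b"\x90" * 512 + b"MessageBoxA\0"), (b".rdata", b"\0" * 128), (b".rsrc", b"\0" * 64)]
    e_lfanew, opt_size, raw_start = 0x40, 0xE0, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)         # PE32 magic, rest zeroed
    headers, body, offset = b"", b"", raw_start
    for name, raw in names:
        headers += struct.pack("<8sIIIIIIHHI", name, max(len(raw), 0x1000), 0,
                               len(raw), offset if raw else 0, 0, 0, 0, 0, 0x60000020)
        body += raw
        offset += len(raw)
    image = dos + b"PE\0\0" + coff + opt + headers
    return image + b"\0" * (raw_start - len(image)) + body


if __name__ == "__main__":
    for flag in (True, False):
        print("packed" if flag else "plain", detect_upx(build_sample_pe(flag)))
```

To apply it to a real sample, pass `open(path, "rb").read()` to `detect_upx`; the section names and magic are cheap to tamper with, so treat a hit as a reason to unpack and dump at the OEP, and treat a miss as inconclusive.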

MITRE ATT&CK Matrix

Tasks