General

  • Target

    1e1e3e1396084f6dd811dabe2131579fd1f46438bec3ac67e1c9e0fcfcdb17d5

  • Size

    82KB

  • Sample

    240605-yeacvaff31

  • MD5

    ca98cfb71753d461702828d88874b1e2

  • SHA1

    2286f959e6ae80dae851638e0e46eb4e1564f88d

  • SHA256

    1e1e3e1396084f6dd811dabe2131579fd1f46438bec3ac67e1c9e0fcfcdb17d5

  • SHA512

    636effd38d47cefda511ee39dbeee645428a96cf4b60dc39f3802915f8cba79182947cf1610b5928dfc8e630f4a5124b54f505f4268516f80de60fa9b5c2239b

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAXPfgr2hKmdbcPi2vB:ymb3NkkiQ3mdBjFo6Pfgy3dbc/B

Malware Config

Targets

    • Target

      1e1e3e1396084f6dd811dabe2131579fd1f46438bec3ac67e1c9e0fcfcdb17d5

    • Size

      82KB

    • MD5

      ca98cfb71753d461702828d88874b1e2

    • SHA1

      2286f959e6ae80dae851638e0e46eb4e1564f88d

    • SHA256

      1e1e3e1396084f6dd811dabe2131579fd1f46438bec3ac67e1c9e0fcfcdb17d5

    • SHA512

      636effd38d47cefda511ee39dbeee645428a96cf4b60dc39f3802915f8cba79182947cf1610b5928dfc8e630f4a5124b54f505f4268516f80de60fa9b5c2239b

    • SSDEEP

      1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAXPfgr2hKmdbcPi2vB:ymb3NkkiQ3mdBjFo6Pfgy3dbc/B

    • Blackmoon, KrBanker

Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks