General

  • Target

    24bbcafce61fcc9bb767d3e131bb4f92c6538afe2fe8f97640080097c95e00d7

  • Size

    71KB

  • Sample

    240605-ys1rysha83

  • MD5

    b5f99be41bc6f6c2874ac000c367c3dd

  • SHA1

    23cf30149c2cce6de84600386aab8cdbcea16873

  • SHA256

    24bbcafce61fcc9bb767d3e131bb4f92c6538afe2fe8f97640080097c95e00d7

  • SHA512

    98d28fd550d7244bd6873f1390ef68d51a9c289f24462083a64b970ae98fd6d5fa233862c0394a368d30f5ac06eaadc6e26ef9a17a9017d2109f0c0a5976de5c

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgUVyiAnmkn:ymb3NkkiQ3mdBjFIgUEl

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks