General

  • Target

    392bda7a753a0de304c70818096c1033eb2b3425d17cb5378fb84796cc5c2621

  • Size

    67KB

  • Sample

    240605-z34r2aae39

  • MD5

    615eaa33cc649449330d364d4a76ac6a

  • SHA1

    e357ebdea4593106a5ba5d7dc26836a40df5e0f4

  • SHA256

    392bda7a753a0de304c70818096c1033eb2b3425d17cb5378fb84796cc5c2621

  • SHA512

    0c8262b2f32656664ffee8e0210bbd1ab0c0c2fd259fbeb72e15762055cd87d695efdd7c3019bf1d3ae3b53748224b49518fe233e7b91e324f0287d1dcea7ac3

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDZ/:ymb3NkkiQ3mdBjF0yUm9

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks