General

  • Target

    38f97420fbd5cb1999668d47c05c01aa7676a012eda810aa6a6246a5266ebc99

  • Size

    205KB

  • Sample

    240605-z3dwlsae27

  • MD5

    d1d554fe74b0c8a64c6b8e1658ac9d67

  • SHA1

    959f40fc65518dc099a1cc7d3a67fa4e97da968a

  • SHA256

    38f97420fbd5cb1999668d47c05c01aa7676a012eda810aa6a6246a5266ebc99

  • SHA512

    27cad344cee88162c505f8334a22e9d646fb5044cd80046adad7e7ca9af042ce4d3459db5824d238485115d264b0f68df431c00dcbc5690dd7dc4a5e66a1b03e

  • SSDEEP

    6144:rcm4FmowdHoStBuhW246lCXb7YpdnSj6Ksa0:x4wFHoSLjr0+Hsa0

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.