General

  • Target

    39ceabdf6d79987bf005cac8fb4d9282ff3b3dd7f845c9868e02dd1b15604656

  • Size

    373KB

  • Sample

    240605-z41f1ahe9y

  • MD5

    aa77c454405b6bb32b73e0760a1dcbc9

  • SHA1

    ffc72d5083ae8cbc9b8b05eef6dd460ee152362d

  • SHA256

    39ceabdf6d79987bf005cac8fb4d9282ff3b3dd7f845c9868e02dd1b15604656

  • SHA512

    b8e52ef664d48ec5ece7616d11fb235811535c062fc5bc474d0244afb79976ab0a1f4bef33cc62249e33921f1fe4c960dd5cf86338321dc20e6e5b04ecbe9b42

  • SSDEEP

    6144:n3C9BRIG0asYFm71mJl3/X8mak5gNv9rC8IwLaYNUvtTxTKMMp:n3C9uYA7i3/stR9HGYyvtTxTKMw

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
