General

  • Target

    2d93bb15e48a4c2c553428ce02bccd7267ce07cd36de72607e92891f1f30b42a

  • Size

    160KB

  • Sample

    240605-zaxs1sgg8x

  • MD5

    3bc6e55b2eef93e98d33bd8e443aaca2

  • SHA1

    86949464989796b85463452e41897f8d7fb0c62d

  • SHA256

    2d93bb15e48a4c2c553428ce02bccd7267ce07cd36de72607e92891f1f30b42a

  • SHA512

    4a572e93ee96c36db56bbf02f344c81f7cd5b07d5b48f0c0535467b030b0b1dd46ab01f528f13e02c446b6fb008d5d793f4c8ad1036608da42d3c9820a51965d

  • SSDEEP

    3072:chOmTsF93UYfwC6GIoutieyhC2lbgGi5yLK:ccm4FmowdHoSi9E1

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
