General

  • Target

    36f1b9138e160f3913d4b84e618eb7c6ee6969ed2dd9f88a1420a4c91eb7698d

  • Size

    388KB

  • Sample

    240605-zy3deaad42

  • MD5

    3d3e835807b0261493422f04032379c1

  • SHA1

    6e5d48e1f1b43f625d8fa9ebe7a89a341b559f65

  • SHA256

    36f1b9138e160f3913d4b84e618eb7c6ee6969ed2dd9f88a1420a4c91eb7698d

  • SHA512

    1c6dd9cc993f633c71d7fb4da90d88bce43fa40c38268acfdfeab09bbb96d9dd526ba94ead1e4a4a8b0753d4391a3541cfffcd8e572bd02e344068c7df18339b

  • SSDEEP

    6144:n3C9BRo7tvnJ9oH0IRgZvjkKoA+0oD/BBT7bF:n3C9ytvngQjA/fT7bF

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Matrix

Tasks