General

  • Target

    6eb7022b2e8dd3b3e74df7a7a05b935bcd5053fd69374b1781e22f88e05967ab

  • Size

    409KB

  • Sample

    240606-avny6scg7v

  • MD5

    5fc029b26038c0cdcf5071d4f7800fa0

  • SHA1

    102df584799b16e511fddd64768eb6cef0963fce

  • SHA256

    6eb7022b2e8dd3b3e74df7a7a05b935bcd5053fd69374b1781e22f88e05967ab

  • SHA512

    17bbe0a989fc340af94b87f1ed3bb6254d98943df101d0df545487525a9010fcf93257a93df20cedf6cf4de4498d978e0093fe12c50a0eab0053e012a951f486

  • SSDEEP

    3072:PhOm2sI93UufdC67cihfmCiiiXAsACF486jJSp1Bwc4:Pcm7ImGddXtWrXD486jJq1Bwc4

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX or a modified version of the open-source UPX packer.
