General

  • Target

    8311c27b3f22f057f1cccb93291e33e7495006d5836ed036e564c8855b67c2b4

  • Size

    721KB

  • Sample

    240606-cgx12afc96

  • MD5

    2b0d973234ae85fb3afe868237d7e24b

  • SHA1

    51a0f085374476dbd0b93f5af61370c94b72f612

  • SHA256

    8311c27b3f22f057f1cccb93291e33e7495006d5836ed036e564c8855b67c2b4

  • SHA512

    30026b5fd970865f1ed59a4b08616df8e4d4223fa9c77f7aa799d2a2f35842d998559fbf2db22368041effcaced30d2c0bfed276161cf3b325e3cdb70d709cd7

  • SSDEEP

    12288:n3C9yMo+S0L9xRnoq7H9xqYL5oeEF5rna9sUxg7udOxPJVSjYg8lcmJ1MZxEkTsi:SgD4bhoqLDqYLS7w4G

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Matrix

Tasks