General

  • Target

    2024-06-06_341b8a2ac0e688a371ad98cb3d9875de_mafia

  • Size

    1.8MB

  • Sample

    240606-r5zbbsgf24

  • MD5

    341b8a2ac0e688a371ad98cb3d9875de

  • SHA1

    9ec58a1502aa9efb52af634cc56b4c7315b843df

  • SHA256

    8692181ed8e1270507c8bda8db7f825158c21b25ccdcf88576ead7d7ea7bea86

  • SHA512

    e056f95a115065c379c663cf76fbc456a1213dce4b33297eddfb6403656a30728f3af13a1b69a5a405c15610fe35421916fcb3693b5d4b872410425c2dbc9c09

  • SSDEEP

    49152:egVCCBnU/eDFwaZym4/I07Slp0sUPYu7UPU:T1nUoQI07QpMAH

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Drops startup file

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks