General

  • Target

    00e53dcea70a20709777e725bc4b0e359285f17e9e2dfe4919c877d1094b237b

  • Size

    128KB

  • Sample

    240606-wrdvpahf6w

  • MD5

    fa27955c0948f226fd4169f06ed0221c

  • SHA1

    0b840b302f6a99c0752c66eeb1c59ef218cceb19

  • SHA256

    00e53dcea70a20709777e725bc4b0e359285f17e9e2dfe4919c877d1094b237b

  • SHA512

    9ce25e5c28596bc868a82da5929af9349d4a3feffb27b22032962d8b88f8d572df758820b87ef0d3269b78cbe78bb5624e45dfc3e683128babd3fe7380d78a51

  • SSDEEP

    3072:ymb3NkkiQ3mdBjFWXkj7afoHvmQ+EZMYX/x6gtF:n3C9BRW0j/uVEZFJvL

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks