General

  • Target

    5180e223923ba73a37279c89c8c1cd76b9cbac5e44b833fd5ab4373b0342bb2f

  • Size

    340KB

  • Sample

    240620-11qm3atcmj

  • MD5

    7e15820ffed536e6a29ed483915c1c61

  • SHA1

    ff15bf32d34c754c6baae171481b47fb9542233c

  • SHA256

    5180e223923ba73a37279c89c8c1cd76b9cbac5e44b833fd5ab4373b0342bb2f

  • SHA512

    445b705df208eedab0cadf6f2b3fa238d761478a1f2d4471ca8480621be0e00bd6f0a21e258ed00603aaa6e0a3561bbfc83f06ae5427ae04ae364339ebdf643e

  • SSDEEP

    3072:9hOmTsF93UYfwC6GIoutz5yLpcgDE4JBHNgu5ex1B2OkEv0KvmhNif:9cm4FmowdHoS4BtguSPKyHf

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
