General

  • Target

    585d667cf74dae2c3d9ab8ccaa9f9eb32ee0517658267129a284459a1c09f707

  • Size

    68KB

  • Sample

    240620-1737qszcrc

  • MD5

    0ddda41159ca6b489f3e3e3706605b34

  • SHA1

    60e1690baa303d1b1a76bb7bc1720d4f1695d864

  • SHA256

    585d667cf74dae2c3d9ab8ccaa9f9eb32ee0517658267129a284459a1c09f707

  • SHA512

    c2058a08d9f8ced326ea4f28a0d2df1e96dc2433227e4c61f108742d142c5d0dbd9252eb0e765819f1e0e3b6eb8bdbfdd6f825c5e7af01f783d15670e38540e0

  • SSDEEP

    1536:kvQBeOGtrYS3srx93UBWfwC6Ggnouy8p5yAXNYLIALUmYgo:khOmTsF93UYfwC6GIoutpY4ALUmG

Malware Config

Targets

    • Target

      585d667cf74dae2c3d9ab8ccaa9f9eb32ee0517658267129a284459a1c09f707

    • Size

      68KB

    • MD5

      0ddda41159ca6b489f3e3e3706605b34

    • SHA1

      60e1690baa303d1b1a76bb7bc1720d4f1695d864

    • SHA256

      585d667cf74dae2c3d9ab8ccaa9f9eb32ee0517658267129a284459a1c09f707

    • SHA512

      c2058a08d9f8ced326ea4f28a0d2df1e96dc2433227e4c61f108742d142c5d0dbd9252eb0e765819f1e0e3b6eb8bdbfdd6f825c5e7af01f783d15670e38540e0

    • SSDEEP

      1536:kvQBeOGtrYS3srx93UBWfwC6Ggnouy8p5yAXNYLIALUmYgo:khOmTsF93UYfwC6GIoutpY4ALUmG

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the UPX open-source packer.
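The "UPX packed file" and "UPX dump on OEP" signatures above are sandbox signature names, and the report does not show how they are implemented. The block below is an added example, not Triage's signature logic and not code from this report, showing the two static indicators a UPX check usually keys on: the UPX0/UPX1 section names and the "UPX!" pack-header stamp that stock UPX writes after the section table. The minimal PE parser, the fake-PE builder and the three-way "upx / modified-upx / not-upx" verdict are this example's own constructions; the fixture headers it builds are constructed, non-executable test data, not the sample described on this page.

```python
import struct
import sys

# Section names stock UPX emits; a modified build may rename them.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}
# Pack-header magic stock UPX stamps into the file (normally just past the section table).
UPX_MAGIC = b"UPX!"


def pe_section_names(data: bytes) -> list[bytes]:
    """Return the section names of a PE image, or [] if the bytes are not a parseable PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    # IMAGE_FILE_HEADER follows the 4-byte signature:
    # NumberOfSections at +6, SizeOfOptionalHeader at +20.
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # first IMAGE_SECTION_HEADER (40 bytes each)
    names = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):              # truncated section table: stop, do not crash
            break
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def detect_upx(data: bytes) -> dict:
    """Collect both UPX indicators from a file image."""
    names = pe_section_names(data)
    upx_sections = [n for n in names if n in UPX_SECTION_NAMES]
    # Scan the header region only; the magic sits near the section table in stock UPX output.
    magic_hit = UPX_MAGIC in data[:4096]
    return {
        "sections": names,
        "upx_sections": upx_sections,
        "upx_magic": magic_hit,
    }


def upx_verdict(data: bytes) -> str:
    """Heuristic (this example's own): both indicators -> stock UPX, exactly one -> modified UPX."""
    r = detect_upx(data)
    if r["upx_sections"] and r["upx_magic"]:
        return "upx"
    if r["upx_sections"] or r["upx_magic"]:
        return "modified-upx"
    return "not-upx"


def build_fake_pe(section_names: list[bytes], stamp_magic: bool = True) -> bytes:
    """Construct a minimal, non-executable PE32 header with the given sections (test fixture only)."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 0xE0                            # PE32 optional header size
    # Machine=i386, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptHdr, Characteristics
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt_hdr = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")   # PE32 magic, rest zeroed
    sections = b""
    for i, name in enumerate(section_names):
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, 2x pointers, 2x counts, Characteristics
        sections += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0xE0000040)
    image = dos + b"PE\0\0" + file_hdr + opt_hdr + sections
    if stamp_magic:
        image += UPX_MAGIC + b"\0" * 12        # pack-header stamp where stock UPX places it
    return image.ljust(0x400, b"\0")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:              # real files given on the command line
            with open(path, "rb") as fh:
                print(path, upx_verdict(fh.read()))
    else:                                      # constructed fixtures, no files needed
        print("stock   :", upx_verdict(build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])))
        print("renamed :", upx_verdict(build_fake_pe([b".x0", b".x1", b".rsrc"])))
        print("no magic:", upx_verdict(build_fake_pe([b"UPX0", b"UPX1"], stamp_magic=False)))
        print("plain   :", upx_verdict(build_fake_pe([b".text", b".data"], stamp_magic=False)))
```

Run it with a file path to classify a sample, or with no arguments to see the verdict on the constructed fixtures. A "modified-upx" verdict only means one of the two indicators is missing; confirm with the section entropy or by unpacking with the upx tool before treating it as a renamed packer, and note that a sample can also be UPX-packed and then re-packed by something else, which this static check will not see.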

MITRE ATT&CK Matrix

Tasks