General

  • Target

    4058195ee9b2118f9b294e1fe21f659422b756ec3c11ef0ce6ee152df34229e0

  • Size

    382KB

  • Sample

    240620-1aykzsxfnb

  • MD5

    b88c76d7a3cfd9da134666f48bc6e282

  • SHA1

    d31326aa51e14eb218df70aa31f17d9ffdff970a

  • SHA256

    4058195ee9b2118f9b294e1fe21f659422b756ec3c11ef0ce6ee152df34229e0

  • SHA512

    76d2b5c689a7bf75f7b6dbeb5bfaa53db55b8d2a8a297c0ad5c56b7657fcd79951325970ac7e9cd998fd093abf582940bb23dedde09876caf3796c4ea0c871c7

  • SSDEEP

    6144:kcm4FmowdHoSphraHcpOaKHpSwp9OD0IbswYTO+:y4wFHoS3eFaKHpNKbbsweO+

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Matrix

Tasks