General

  • Target

    3ca6a7e204a71b22fb5cb11dc6d4c9550c3bef6ddd11aa6f0c420f715b524329

  • Size

    81KB

  • Sample

    240620-z5wt7s1glm

  • MD5

    afaa9b195734a45eeb849d9cf8eb22fe

  • SHA1

    bb292e73126f087ce983f4f2eac5b788b7845a69

  • SHA256

    3ca6a7e204a71b22fb5cb11dc6d4c9550c3bef6ddd11aa6f0c420f715b524329

  • SHA512

    58627a00fb59b3c346a35ba507ca36a0fb77a5e2342e9c6b7ce9ff1297e422ba01d82b3771c5c3c27a5e0e3d5f3c16a52eeeabaf13c352555540ba8dc4af154f

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1gxm1S3PQ7CnPRKiir5Qb9:ymb3NkkiQ3mdBjFoLkmx/g8ZKzQb9

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified UPX.

MITRE ATT&CK Matrix

Tasks