General

  • Target

    55fc9f14a88790b6d6e26aa6039a96b9ba0040c52ef4c80aef7a296e52c3bb69

  • Size

    362KB

  • Sample

    240621-1hxzeswdnn

  • MD5

    add8770323a99667a3f48dea6b31f414

  • SHA1

    5aa5dabf94c2bce29212e3fd0d31bc18031c3dda

  • SHA256

    55fc9f14a88790b6d6e26aa6039a96b9ba0040c52ef4c80aef7a296e52c3bb69

  • SHA512

    b6b8115fb7735b950a8bfb25394ee9528dc00c6ad05719eb4781fc1d6003ba5eeed4ed9ede1b68518c7c7a04db289ef25dcf119f99d0f317f01d3e124f2d72ab

  • SSDEEP

    6144:n3C9BRIG0asYFm71m8+GdkB9yMu7N+8px7y:n3C9uYA71kSMu08px7y

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
