General

  • Target

    2024-06-21_0a72b1880fa0a9f674b68402f6cd46e9_mafia

  • Size

    1.3MB

  • Sample

    240621-jmr6aswapq

  • MD5

    0a72b1880fa0a9f674b68402f6cd46e9

  • SHA1

    db1ac46c1091c972f4d5e15562b353fcef46323f

  • SHA256

    45e7c237fbe18f55106a76daa58c9c8690a661ec1d6a3bc1eb9661f49f14666d

  • SHA512

    b3ff3ba453fa7104729959b59866819b263568f37945038a78e611b8b705f8aba04f21d2ebb7e55ce96d104e640e9b35a046f4ee2ba70abad6a7a21cd78453f9

  • SSDEEP

    24576:vGzhqOueVJqUO6tGS7n7P7B9MgsR64/iK6LfGJErGCkop0sUPYud9mjauRya5Iyz:vGo6tJ3TB9MvQOiMeGPop0sUPYu7U9r

Malware Config

Targets

    • Target

      2024-06-21_0a72b1880fa0a9f674b68402f6cd46e9_mafia

    • Size

      1.3MB

    • MD5

      0a72b1880fa0a9f674b68402f6cd46e9

    • SHA1

      db1ac46c1091c972f4d5e15562b353fcef46323f

    • SHA256

      45e7c237fbe18f55106a76daa58c9c8690a661ec1d6a3bc1eb9661f49f14666d

    • SHA512

      b3ff3ba453fa7104729959b59866819b263568f37945038a78e611b8b705f8aba04f21d2ebb7e55ce96d104e640e9b35a046f4ee2ba70abad6a7a21cd78453f9

    • SSDEEP

      24576:vGzhqOueVJqUO6tGS7n7P7B9MgsR64/iK6LfGJErGCkop0sUPYud9mjauRya5Iyz:vGo6tJ3TB9MvQOiMeGPop0sUPYu7U9r

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Drops startup file

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the UPX open-source packer.

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key to enumerate the software installed on the system.
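The two generic signatures above (UPX-packed file, Uninstall-key enumeration) can be reproduced outside the sandbox. The following Python script is an added example and is not the sandbox's own signature code or anything from the sample: it walks a PE section table looking for UPX section names and the `UPX!` marker, computes the same digests the report lists, and scans registry-access log lines for reads beneath the Uninstall key. The function names (`pe_section_names`, `looks_upx_packed`, `hash_report`, `uninstall_key_hits`), the minimal PE-like blob built by `build_fake_pe`, and the registry log lines in `SAMPLE_REGISTRY_LOG` are all constructed for illustration; the real sample is not parsed here.

```python
import hashlib
import re
import struct

# Section names used by stock UPX and by common modified builds (assumption:
# a renamed build can defeat this list, so the byte marker is checked as well).
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1", ".UPX2"}
UPX_MARKER = b"UPX!"


def hash_report(data: bytes) -> dict:
    """Return the digests a sandbox report lists for a sample (md5/sha1/sha256/sha512)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def pe_section_names(data: bytes) -> list:
    """Minimal PE walker: MZ -> e_lfanew -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)      # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                 # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]           # Name[8], NUL padded
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic UPX check: known section names or the 'UPX!' marker left in the file."""
    names = pe_section_names(data)
    return any(n in UPX_SECTION_NAMES for n in names) or UPX_MARKER in data


def build_fake_pe(section_names, tail: bytes = b"") -> bytes:
    """Constructed PE-like blob for testing the parser; it is not a runnable executable."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0 here), Characteristics
    coff_header = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(name.encode("ascii").ljust(8, b"\0") + b"\0" * 32
                        for name in section_names)
    return dos_header + b"PE\0\0" + coff_header + sections + tail


# Matches the 32-bit and Wow6432Node Uninstall keys and anything beneath them.
UNINSTALL_KEY_RE = re.compile(
    r'"((?:HKEY_LOCAL_MACHINE|HKLM)\\SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\Windows'
    r'\\CurrentVersion\\Uninstall(?:\\[^"]*)?)"',
    re.IGNORECASE,
)


def uninstall_key_hits(log_lines) -> list:
    """Return every quoted registry path beneath the Uninstall key seen in the log."""
    hits = []
    for line in log_lines:
        m = UNINSTALL_KEY_RE.search(line)
        if m:
            hits.append(m.group(1))
    return hits


# Constructed registry-access log lines in a generic "API \"key\"" shape.
SAMPLE_REGISTRY_LOG = [
    'RegOpenKeyExW "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"',
    'RegOpenKeyExW "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"',
    'RegEnumKeyExW "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Example App"',
    'RegQueryValueExW "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows'
    '\\CurrentVersion\\Uninstall\\Example Tool" DisplayName',
    'RegOpenKeyExW "HKEY_CURRENT_USER\\Software\\Example"',
]


if __name__ == "__main__":
    packed = build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("sections:", pe_section_names(packed))
    print("upx packed:", looks_upx_packed(packed))
    print("sha256:", hash_report(packed)["sha256"])
    for key in uninstall_key_hits(SAMPLE_REGISTRY_LOG):
        print("uninstall key access:", key)
```

Both checks are heuristics of the same kind the sandbox signature describes: a packer build that renames its sections and strips the `UPX!` marker will pass `looks_upx_packed`, which is why the report's "UPX dump on OEP" line (the unpacked image captured at the original entry point) is the more reliable artifact to analyse. The Uninstall-key scan only reports accesses; a single read of the parent key is normal for installers, so in practice one looks for many distinct subkeys being opened or enumerated in a row.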

MITRE ATT&CK Enterprise v15

Tasks