General

  • Target

    2024-06-21_b0a07a32bb08e23caf7e5245aec8e822_mafia

  • Size

    1.3MB

  • Sample

    240621-jxj8fascna

  • MD5

    b0a07a32bb08e23caf7e5245aec8e822

  • SHA1

    ca2bffff74279f5c0d286ed9bcf70ee972afd7f5

  • SHA256

    40bb7e128276d5a1ca882f0bf40bdaeff680dd6e94afa0636a0b69f02cc1b32b

  • SHA512

    003d71c2603d2269cf0eee30ba9521c7aefc6ed8cc134d5f21e252534f0d1f43555bd5b9588e5296023b78084f181899f30c11a12f6ea86fd4843c8e1bcf9d5b

  • SSDEEP

    24576:vGzhqOueVJqUO6tGS7n7P7BEMgsR64/iK6LfGJErGCkop0sUPYud9mjauRya5Iyz:vGo6tJ3TBEMvQOiMeGPop0sUPYu7U9r

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Drops startup file

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks