General

  • Target

    2024-06-21_bb91dce9e2c7c74207754d464bc3544d_mafia

  • Size

    1.3MB

  • Sample

    240621-labnwsyanj

  • MD5

    bb91dce9e2c7c74207754d464bc3544d

  • SHA1

    0288e2c88769594d452a3d34ef3de8e28a11b21c

  • SHA256

    8de3a8bcacc602301bd5be7fd232614855dfc84570c820e742ca485b93230a99

  • SHA512

    69c7a17f5ae6cbb73ec3e48c6aa0c49449c9dde91feead297f8d9f0cc9150b464a7a348f5292e8ead395ab6fb4e73cd6a9b40ac2b3f0f51e22696aaab98d419b

  • SSDEEP

    24576:R1UGLrmwPVsjEkazzCmZpslRI4/iK6LfGJErGCkfp0sUPYud9mj1uRyRsGyz:Ru2jkaqmZpwOOiMeGPfp0sUPYu7UQq

Malware Config

Targets

    • Target

      2024-06-21_bb91dce9e2c7c74207754d464bc3544d_mafia

    • Size

      1.3MB

    • MD5

      bb91dce9e2c7c74207754d464bc3544d

    • SHA1

      0288e2c88769594d452a3d34ef3de8e28a11b21c

    • SHA256

      8de3a8bcacc602301bd5be7fd232614855dfc84570c820e742ca485b93230a99

    • SHA512

      69c7a17f5ae6cbb73ec3e48c6aa0c49449c9dde91feead297f8d9f0cc9150b464a7a348f5292e8ead395ab6fb4e73cd6a9b40ac2b3f0f51e22696aaab98d419b

    • SSDEEP

      24576:R1UGLrmwPVsjEkazzCmZpslRI4/iK6LfGJErGCkfp0sUPYud9mj1uRyRsGyz:Ru2jkaqmZpwOOiMeGPfp0sUPYu7UQq

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Drops startup file

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks