General

  • Target

    171b03b4d3c8f761f033e3a2e46b399192556c424c87a57cc3322f8dce818261

  • Size

    95KB

  • Sample

    240621-xqw6bazdmb

  • MD5

    a43713afbc7dfc0037f1d1e117e4e9cc

  • SHA1

    0c7518dc3af24ea0a622cc42f7b1c2c5f517332e

  • SHA256

    171b03b4d3c8f761f033e3a2e46b399192556c424c87a57cc3322f8dce818261

  • SHA512

    53725239a5a644b9221b76f572288e8be0b0c6f0755dedfe0ca62e24e48ab45eac2e600e3e4b94aeaf630898fd2e877644b6601d09fd8321c13d78fdcfd4cdfb

  • SSDEEP

    1536:8vQBeOGtrYS3srx93UBWfwC6Ggnouy80fg3Cip8iXAsG5M0u5YoWprCp:8hOmTsF93UYfwC6GIout0fmCiiiXA6my

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks