General

  • Target

    258cc0632e30f7d3e9aa5ff21b5e9b9ae986ddcfd3e48c799f5bc120b7899d74

  • Size

    92KB

  • Sample

    240621-yc5e7szgqb

  • MD5

    20d5a6d62edf749d504e90d7304896e2

  • SHA1

    d023f135a2b795eb07997b6d9cff3cee7f5a72e2

  • SHA256

    258cc0632e30f7d3e9aa5ff21b5e9b9ae986ddcfd3e48c799f5bc120b7899d74

  • SHA512

    dbc1ae0908d1de7e8fdd6ad3de4dc68504bebb094e7e51b20a121ff0f1d5e31d3903ecc690f0034d2400e1f76bb0ccea1ea3d0fb0adcbc497ccf203a6ef3508e

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/210:ymb3NkkiQ3mdBjFo73PYP1lri3K8Gq

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.
