General

  • Target

    27a07f7b6d0c1d948cb0ddc0d24687d8d8d370593ad86c83a51e16ce50efee05

  • Size

    63KB

  • Sample

    240621-yezyhavanm

  • MD5

    1d4b3c2ce9a3f3c4a9ca740b542ed8f9

  • SHA1

    ec6204c17e07d69556c51a3b925e723fda8a06b6

  • SHA256

    27a07f7b6d0c1d948cb0ddc0d24687d8d8d370593ad86c83a51e16ce50efee05

  • SHA512

    e7d59377a5e3fff5f51e103075f5a9e0b9b3587bed6660c8048a6904ef9228a8a452b8a7b70a705f7a2ffc9c58704085370aa40cb36319d793da272b2e088c1a

  • SSDEEP

    1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+EMdb46h:zhOmTsF93UYfwC6GIoutiTWMdbBh

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks