General

  • Target

    30a3d87368f27b30b996ca5f1381dc0b_JaffaCakes118

  • Size

    8.1MB

  • Sample

    241010-s49w4stalc

  • MD5

    30a3d87368f27b30b996ca5f1381dc0b

  • SHA1

    6c4cfe8a426f9b0dd7a4ae808e98f7a5c86bf0e4

  • SHA256

    1ff156edf552a80b455218855738f7668f1905cd9189eee658fcacd8968a81eb

  • SHA512

    1cbfa8c867551e9c4b7da1dd0161f76eae2df61c027728e9b30fad811524be36af0e1b1c38d6f7d16617087ffe3ccf046280ebbc75d11b58082b1a4832f258ae

  • SSDEEP

    196608:QmEvVvVLJG4otpRDXAU9lKeHb3dlhr1ksBFyeSMeM/Dcky7UvK:QmsmtpRDQU/LHb33CjVMQRAvK

Malware Config

Targets

    • Target

      30a3d87368f27b30b996ca5f1381dc0b_JaffaCakes118

    • Size

      8.1MB

    • MD5

      30a3d87368f27b30b996ca5f1381dc0b

    • SHA1

      6c4cfe8a426f9b0dd7a4ae808e98f7a5c86bf0e4

    • SHA256

      1ff156edf552a80b455218855738f7668f1905cd9189eee658fcacd8968a81eb

    • SHA512

      1cbfa8c867551e9c4b7da1dd0161f76eae2df61c027728e9b30fad811524be36af0e1b1c38d6f7d16617087ffe3ccf046280ebbc75d11b58082b1a4832f258ae

    • SSDEEP

      196608:QmEvVvVLJG4otpRDXAU9lKeHb3dlhr1ksBFyeSMeM/Dcky7UvK:QmsmtpRDQU/LHb33CjVMQRAvK

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks