General

  • Target

    4a94177c9e35839b94091abae892e141a2311df00b3d78d00fd29e621e68d17a

  • Size

    3.7MB

  • Sample

    241017-1b1rqsxekd

  • MD5

    2235c764ae47ecdb6a76a80474849183

  • SHA1

    346c32a4305f8dbb182a2514cfbb7bcc3856cac9

  • SHA256

    4a94177c9e35839b94091abae892e141a2311df00b3d78d00fd29e621e68d17a

  • SHA512

    552e7ac089cc1c16b6abf87d675d1c13e19a28d110772aab0d53c6e890857cf7d4aa5cc96b15bd4e23ca88b0f9e1c3d65a52228ecf342305b852a637fb95071d

  • SSDEEP

    98304:hyyRWs+dq591REs7+n6VVaxMsbajz7fIjufFJbzV5mNVD3AFzX4cfAkbqG/zi3nJ:wOhaKhfFJbzV5mNVD3A3Ny

Malware Config

Targets

    • Target

      4a94177c9e35839b94091abae892e141a2311df00b3d78d00fd29e621e68d17a

    • Size

      3.7MB

    • MD5

      2235c764ae47ecdb6a76a80474849183

    • SHA1

      346c32a4305f8dbb182a2514cfbb7bcc3856cac9

    • SHA256

      4a94177c9e35839b94091abae892e141a2311df00b3d78d00fd29e621e68d17a

    • SHA512

      552e7ac089cc1c16b6abf87d675d1c13e19a28d110772aab0d53c6e890857cf7d4aa5cc96b15bd4e23ca88b0f9e1c3d65a52228ecf342305b852a637fb95071d

    • SSDEEP

      98304:hyyRWs+dq591REs7+n6VVaxMsbajz7fIjufFJbzV5mNVD3AFzX4cfAkbqG/zi3nJ:wOhaKhfFJbzV5mNVD3A3Ny

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
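The behaviour tags above (location check, Terminal Services DLL, dropped-file execution and loading, System32 drop, file deletion) are each a simple rule over the sandbox's event trace. The following is an added example, not part of this report or of the sandbox's own rule set: it replays such rules over a constructed trace so the logic behind each tag is explicit. The report does not say which registry values the sample touched; the `Geo\Nation` value (where Windows stores the user's configured country) and the `TermService\Parameters\ServiceDll` value (the location ATT&CK T1505.005 documents for the Terminal Services DLL) are assumptions, and every path, process id and file name in the trace is constructed.

```python
"""Behaviour-rule replay over a constructed sandbox event trace.

Added example, not part of the report. Re-derives several of the report's
behaviour tags from an event log. Key paths and file names are assumptions
or constructed test data, not observations from the sample.
"""

# Assumption: Windows keeps the user's GeoID under this value; reading it is
# how a sample usually learns the configured country (geofence check).
GEO_NATION_SUFFIX = r"\control panel\international\geo\nation"
# Assumption: ATT&CK T1505.005 documents this value as where termsrv.dll is
# registered; a non-default path means a replaced Terminal Services DLL.
TERMSRV_SUFFIX = r"\services\termservice\parameters\servicedll"
TERMSRV_DEFAULT = "c:\\windows\\system32\\termsrv.dll"
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def normalize_path(p):
    """Lower-case and expand %SystemRoot% so equivalent paths compare equal."""
    return (p or "").lower().replace("%systemroot%", "c:\\windows")


def analyze(events):
    """events: iterable of (pid, op, target, data). Returns [(rule, target)].

    `dropped` is keyed by path across all processes because the loader of a
    dropped DLL (e.g. svchost for a service DLL) is rarely the dropper.
    """
    hits = []
    dropped = set()
    for _pid, op, target, data in events:
        t = normalize_path(target)
        if op == "RegQueryValue" and t.endswith(GEO_NATION_SUFFIX):
            hits.append(("checks_computer_location_settings", target))
        elif op == "RegSetValue" and t.endswith(TERMSRV_SUFFIX):
            # Writing the stock termsrv.dll path back is not persistence.
            if normalize_path(data) != TERMSRV_DEFAULT:
                hits.append(("server_software_component_terminal_services_dll", target))
        elif op == "WriteFile":
            dropped.add(t)
            if t.startswith(SYSTEM32_PREFIX):
                hits.append(("drops_file_in_system32_directory", target))
        elif op == "ProcessCreate" and t in dropped:
            hits.append(("executes_dropped_exe", target))
        elif op == "LoadImage" and t in dropped and t.endswith(".dll"):
            hits.append(("loads_dropped_dll", target))
        elif op == "DeleteFile" and t in dropped:
            hits.append(("indicator_removal_file_deletion", target))
    return hits


# Constructed trace: (pid, operation, target, data written). Not from the report.
EVENTS = [
    (1404, "RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation", None),
    (1404, "WriteFile", r"C:\Windows\System32\tsvc32.dll", None),
    (1404, "RegSetValue",
     r"HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters\ServiceDll",
     r"%SystemRoot%\System32\tsvc32.dll"),
    (1404, "WriteFile", r"C:\Users\user\AppData\Local\Temp\stage2.exe", None),
    (1520, "ProcessCreate", r"C:\Users\user\AppData\Local\Temp\stage2.exe", None),
    (1520, "LoadImage", r"C:\Windows\System32\tsvc32.dll", None),
    (1404, "DeleteFile", r"C:\Users\user\AppData\Local\Temp\stage2.exe", None),
    (1404, "RegQueryValue",
     r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName", None),
]

if __name__ == "__main__":
    for rule, target in analyze(EVENTS):
        print(f"{rule:50} {target}")
```

The ProductName query at the end of the trace deliberately produces no hit: the location rule keys on the specific Geo value, not on any registry read, which is what keeps it from firing on ordinary version checks.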
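The "UPX packed file" tag is a static check on the PE header rather than a behaviour. As an added example (not the sandbox's rule, and not code from the report), the block below walks the DOS header, PE signature, COFF header and section table by hand and reports the indicators an analyst checks: stock UPX section names (`UPX0`/`UPX1`), the `UPX!` pack-header magic that survives when a modified packer only renames sections, and the packing shape itself (a first section with no raw data on disk but a large virtual size). The PE images it runs on are constructed in the block from zeroed headers and are not the sample.

```python
"""Hand-rolled PE section-table walk to flag UPX-style packing.

Added example, not part of the report. No pefile dependency; the test
images are constructed below and are not real binaries.
"""
import struct

COFF_HEADER = struct.Struct("<HHIIIHH")          # 20 bytes
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")   # 40 bytes


def pe_sections(data):
    """Return [(name, virtual_size, raw_size)] or raise ValueError if not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = COFF_HEADER.unpack_from(data, coff_off)
    table = coff_off + COFF_HEADER.size + opt_size
    out = []
    for i in range(nsections):
        f = SECTION_HEADER.unpack_from(data, table + i * SECTION_HEADER.size)
        name = f[0].rstrip(b"\0").decode("latin-1")
        out.append((name, f[1], f[3]))  # VirtualSize, SizeOfRawData
    return out


def upx_indicators(data):
    secs = pe_sections(data)
    names = [n for n, _, _ in secs]
    return {
        "sections": names,
        # Stock UPX names its sections UPX0/UPX1 (plus .rsrc or UPX2).
        "upx_section_names": any(n.startswith("UPX") for n in names),
        # UPX's pack header begins with the magic "UPX!"; renaming sections
        # does not remove it unless the packer itself was patched.
        "upx_magic": b"UPX!" in data,
        # Packing shape: first section has no bytes on disk but a large
        # virtual size (unpack destination). .bss looks similar, so this is
        # supporting evidence only.
        "empty_first_section": bool(secs) and secs[0][2] == 0 and secs[0][1] > 0,
    }


def upx_verdict(data):
    ind = upx_indicators(data)
    if ind["upx_section_names"]:
        return "upx"
    if ind["upx_magic"]:
        return "upx-modified"
    if ind["empty_first_section"]:
        return "possibly-packed"
    return "not-upx"


def build_pe(sections, trailer=b""):
    """Constructed test image: MZ stub, PE\\0\\0, COFF header, zeroed PE32
    optional header, section table, then `trailer` in the header padding
    where UPX leaves its pack header."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    coff = COFF_HEADER.pack(0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    table = bytearray()
    vaddr, rptr = 0x1000, 0x400
    for name, vsize, rsize in sections:
        table += SECTION_HEADER.pack(name.encode("ascii").ljust(8, b"\0"),
                                     vsize, vaddr, rsize, rptr if rsize else 0,
                                     0, 0, 0, 0, 0xE0000060)
        vaddr += (vsize + 0xFFF) & ~0xFFF
        rptr += rsize
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table) + trailer


# Constructed images, not the sample: stock UPX layout, UPX with renamed
# sections, and an unpacked layout.
PACKED = build_pe([("UPX0", 0x30000, 0), ("UPX1", 0x9000, 0x9000), (".rsrc", 0x2000, 0x2000)],
                  trailer=b"\0" * 16 + b"3.96\0UPX!" + b"\0" * 32)
RENAMED = build_pe([(".text", 0x30000, 0), (".data", 0x9000, 0x9000), (".rsrc", 0x2000, 0x2000)],
                   trailer=b"\0" * 16 + b"3.96\0UPX!")
CLEAN = build_pe([(".text", 0x4000, 0x4000), (".data", 0x800, 0x200), (".rsrc", 0x400, 0x400)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("renamed", RENAMED), ("clean", CLEAN)):
        print(label, upx_verdict(img), upx_indicators(img)["sections"])
```

Use `pe_sections(open(path, "rb").read())` on a real file; the verdict tiers are deliberately ordered so that a renamed-section build still surfaces as UPX, while the empty-first-section heuristic alone only yields "possibly-packed".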

MITRE ATT&CK Enterprise v15
