General

  • Target

    51c94cd565e86ac5ef92bde11cfc7d45_JaffaCakes118

  • Size

    132KB

  • Sample

    241017-mxn36sxfnj

  • MD5

    51c94cd565e86ac5ef92bde11cfc7d45

  • SHA1

    8f39e287ece1d5263d5876d70faa6a63abd61ad2

  • SHA256

    d616c06ff732cde4eccb873f02cdac5ab663e6c3f426a1bf6d4e765a880bdf13

  • SHA512

    91918b1061b342af9cd65d12b5ceba351d69d76d3a7d128b5dce98c7125fa59f1de38b99aaaf85f7a3db23833dd4a84a216c4f68b1fed2bbb85b3ff8e577f285

  • SSDEEP

    3072:sixk/6UiWZ51WCOKn7OsQlVYh3GDrYoQeT67po4zUkMT1byOAMoutv:sNiW3JrmYhG67p3hKoSv

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15
