General

  • Target

    9464e81a5e69d90a6e88bb890beb28c09cc35fb8e611b371885a4ca32ae12d3cN

  • Size

    1.5MB

  • Sample

    241017-pcgvgawgqf

  • MD5

    1db8b8e360b61b0537dbbca026b3cf70

  • SHA1

    7c1daf3294be0d0ef8f5baaa409f0b5783efe6a7

  • SHA256

    9464e81a5e69d90a6e88bb890beb28c09cc35fb8e611b371885a4ca32ae12d3c

  • SHA512

    856d42183031becdcc6c4f09961b0c000db95d7f6ebda51064013b7d4a5f645f4b43528a166af59cf950e0896466e01db7551d9e6bfa605f13ea083fd1b3027b

  • SSDEEP

    12288:fqGKl6bcNQSjEgkSiP8Lr2mFE66kjlKuJ9J7tfg+LRZq01Y:fNKl6b8JYgyP8WTGIuhZvPq

Malware Config

Targets

    • Target

      9464e81a5e69d90a6e88bb890beb28c09cc35fb8e611b371885a4ca32ae12d3cN

    • Size

      1.5MB

    • MD5

      1db8b8e360b61b0537dbbca026b3cf70

    • SHA1

      7c1daf3294be0d0ef8f5baaa409f0b5783efe6a7

    • SHA256

      9464e81a5e69d90a6e88bb890beb28c09cc35fb8e611b371885a4ca32ae12d3c

    • SHA512

      856d42183031becdcc6c4f09961b0c000db95d7f6ebda51064013b7d4a5f645f4b43528a166af59cf950e0896466e01db7551d9e6bfa605f13ea083fd1b3027b

    • SSDEEP

      12288:fqGKl6bcNQSjEgkSiP8Lr2mFE66kjlKuJ9J7tfg+LRZq01Y:fNKl6b8JYgyP8WTGIuhZvPq

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: Clear Persistence

      Clears artifacts associated with previously established persistence, such as scheduled tasks, on a host.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified version of it.

MITRE ATT&CK Enterprise v15

Tasks