General

  • Target

    2024-10-17_ee7b4efe98eb1fac28a8bcb68c5e6d5c_eternalromance_icedid_mimikatz_qakbot

  • Size

    8.8MB

  • Sample

    241017-pvzs1a1elj

  • MD5

    ee7b4efe98eb1fac28a8bcb68c5e6d5c

  • SHA1

    6a930a36fe1f06302a505ae1a281280fcc18be24

  • SHA256

    e145ac6a651c72bb03e5c6d0a6ae337de6267a32c874c92c0d31fbd46d28e137

  • SHA512

    e551cfa338dafa1a30a50d5bd27d9d7bc404adc7cbea20ba59e7740e6660fedd647359a5403ae356d1f5bb84db894aa6461eb5cbb46e37733ae44d92a9a5bdb6

  • SSDEEP

    98304:A+/mLsGZ6NBaEDvDgYm930k3OxsdOqy1zQ9PvJ6OAhQrK4m:qZYRm9kFsdLrZAV4m

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

MITRE ATT&CK Enterprise v15

Tasks