General

  • Target

    190c1d3d1f171e6475c118d162e632e40d8ca596d0cd30df1052a6398e6f4773

  • Size

    80KB

  • Sample

    241017-xm4qzstcqm

  • MD5

    44ab132e64b8cda5ab2fdbc612e749c2

  • SHA1

    27340bc4a07b75d4b126e5cb7a10a65e8cf27621

  • SHA256

    190c1d3d1f171e6475c118d162e632e40d8ca596d0cd30df1052a6398e6f4773

  • SHA512

    e8c7d3a620adb7ba2aa1b65b8bf5e8d31affc20373e6f794c0cc8943cbba0c129942c533b4c023a0a3550db5186076521b72f456aa689f3187a02e63bf0345d5

  • SSDEEP

    1536:+VtjAKqURk0Ex/tIWLSYGc5cmFF+TTdGka2dQe5GrpXLaN:CN1qURFY/RLSO5cmFY9GMdKGN

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks