General

  • Target

    53b5d7d186c6efd50f5108b7ee3a4f88_JaffaCakes118

  • Size

    142KB

  • Sample

    241017-ztqh2swdmg

  • MD5

    53b5d7d186c6efd50f5108b7ee3a4f88

  • SHA1

    b5db1425c957c2e4bbc2ab95a6286bb26271c0ed

  • SHA256

    80b7777fed262a71f69254a339f2622f72cf2804d2bbaedc59f5d9e81f5826af

  • SHA512

    67591a22aa78c63abadfc3f40132234545754c7f3af83636f300bc181422d933c37811756bf60c7fdb7730ba8c91600fa806d3624c1031334c53a1c668139a66

  • SSDEEP

    3072:gLk395hYXJVyc77e2/VguhT5LaLg+hMv+uVn/66mYMCpGmGhMfxeTi:gQqXy+7NxhTv+7uRmv2KCpGi

Targets

    • Target

      53b5d7d186c6efd50f5108b7ee3a4f88_JaffaCakes118

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.
