General

  • Target

    58131af88fb3be78f9487a0df0439726_JaffaCakes118

  • Size

    847KB

  • Sample

    241018-sdtgfashkd

  • MD5

    58131af88fb3be78f9487a0df0439726

  • SHA1

    61793716abc0f19709ccbbbd70fa312e83f3b397

  • SHA256

    dd5d9f64568dbc55a7ca3c70e81f69afe78d74133531e4565942f89876b37749

  • SHA512

    dc5a0e7b07a05bb051c4d862e40531c618560fece8efaa48962449e0528319999e0918fce1c3edbbe275461d61df0159c2b35498c090254ff8aa156aaadeb16d

  • SSDEEP

    24576:kjxHAnpPm5bg+JTJ1/wCn3qbI5XRquDmIK2n0V4:kF6ijZJJ1g2q+mINn0V

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
