General

  • Target

    4a677a3a22b4a4bada37085e2772f3fbb30acd00c050883d766da50cc7785a1c

  • Size

    445KB

  • Sample

    241018-z9kmqs1ekj

  • MD5

    e850fac6fe88502817f8b69c4bac9d02

  • SHA1

    ed987e2ede50bb7775c2cb784a0aedf7fde69b52

  • SHA256

    4a677a3a22b4a4bada37085e2772f3fbb30acd00c050883d766da50cc7785a1c

  • SHA512

    eea02c19a26768e60c319c88fe72b42b2f16208e5db8a7b0ae2ad37e56a54fb7a1a6da72c95adf0a4775b9ac2f250e567c97b21b195062f410bf48a5f5841ed6

  • SSDEEP

    6144:Vy/stEHoXUY+pUum3UAa5O24kCzaSSxWhguas30viTXm:VGDgUY+wUz5O24kCzzhguas3CiTW

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks