General

  • Target

    9169bf22a3dec10de8bc8f54db584be42da2b07ca9b4d06cd083fca9d9729acc

  • Size

    6.4MB

  • Sample

    241018-zflypsygll

  • MD5

    869528bda36986b1d83ff70e67d130dc

  • SHA1

    7d21499e67130cc218c04c5fb6ff9e775662b4c8

  • SHA256

    9169bf22a3dec10de8bc8f54db584be42da2b07ca9b4d06cd083fca9d9729acc

  • SHA512

    5992868c29571cd2648815c9dc3f13c03f7c53d0ae7f538ede65842527e30c1014b4c704423fe965ddf0222ef7213142d2c51d7c4ee126aa137e4e245ea91e69

  • SSDEEP

    98304:3x1LI2L6Iw8Z1rQMGex4J7zWTvByZTCEMWtojDJyJkAoefkjH8X5baMftjX:342Lt1rQMmvMvAZbiDAoef88JDfRX

Targets

    • Target

      9169bf22a3dec10de8bc8f54db584be42da2b07ca9b4d06cd083fca9d9729acc

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
