General

  • Target

    4332f5dd487a74a552310cb26d7d044b5aa7133b3e538d72fe31c993e69351aeN

  • Size

    87KB

  • Sample

    241018-zycgzszfrk

  • MD5

    8c93aa6d58c0d8f11a38f98ed8e92650

  • SHA1

    ce785b441a454c9ccd467067a339f08b3d90f7bf

  • SHA256

    4332f5dd487a74a552310cb26d7d044b5aa7133b3e538d72fe31c993e69351ae

  • SHA512

    7ecec12f779596d3bcc4d62a68a379c452b5d3509ea8b1043ce9ee95a62a69d5dd66cc50e667ea38b804ba208cd053a056de0035690e82679752b83635be2e1c

  • SSDEEP

    1536:GtyyRF/OxmfzDcazhe2hb5nnW+ME9Sf2+pg9R8LxM8WkNK+tEf6uacz:7yTtfbo2nWW982+paS9pWkNxXuH

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks