General

  • Target

    0822a4849f5bebdd726535244d5f1af3e615e0431f39b71b62bef3abb2bf4c31

  • Size

    800KB

  • Sample

    241102-z7ptnsvqcy

  • MD5

    75fff28937acca6de6ee651f55c4113a

  • SHA1

    e6b4555fb20b2ff6f6bcfd37ac0fd1242204bc49

  • SHA256

    0822a4849f5bebdd726535244d5f1af3e615e0431f39b71b62bef3abb2bf4c31

  • SHA512

    66b4acef242706418b28c3d6d70495f6d434cee60337309fd182f6894f15c9fc8523afb93cfed6a69c6056684a63b729c4ff55f8032dc6aacd0204182c18a899

  • SSDEEP

    3072:8ewG8fbqPsdE2NTlHwLTiQ1clyZtEm8v2pbz8tmxgw9qnYR/11Q:8ewG8fssdE0TlHOTimggVBE+Z9qnY

Malware Config

Targets

    • Target

      0822a4849f5bebdd726535244d5f1af3e615e0431f39b71b62bef3abb2bf4c31

    • Size

      800KB

    • MD5

      75fff28937acca6de6ee651f55c4113a

    • SHA1

      e6b4555fb20b2ff6f6bcfd37ac0fd1242204bc49

    • SHA256

      0822a4849f5bebdd726535244d5f1af3e615e0431f39b71b62bef3abb2bf4c31

    • SHA512

      66b4acef242706418b28c3d6d70495f6d434cee60337309fd182f6894f15c9fc8523afb93cfed6a69c6056684a63b729c4ff55f8032dc6aacd0204182c18a899

    • SSDEEP

      3072:8ewG8fbqPsdE2NTlHwLTiQ1clyZtEm8v2pbz8tmxgw9qnYR/11Q:8ewG8fssdE0TlHOTimggVBE+Z9qnY

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (running only on, or avoiding, machines in a given country).

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or with a modified UPX build (renamed sections, stripped markers).
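The "Checks computer location settings" signature above fires on registry reads of the configured country or locale. The following is an added example, not code from this report or from the Blackmoon/KrBanker sample, showing how such a check can be expressed as a signature over Procmon-style registry events. The registry value paths are real Windows locations; which of them count as "location settings", the CSV column layout (process, operation, path, result) and the log lines themselves are this example's own constructed assumptions.

```python
import csv
from collections import Counter

# Registry values Windows uses to store the configured country/locale. The paths
# are real; treating exactly these as "location settings" is this example's assumption.
LOCATION_VALUES = {
    r"hkcu\control panel\international\geo\nation": "user GeoID (country)",
    r"hkcu\control panel\international\locale": "user locale identifier (LCID)",
    r"hkcu\control panel\international\localename": "user locale name, e.g. ko-KR",
    r"hklm\system\currentcontrolset\control\nls\language\installlanguage": "OS install language",
}

HIVE_ALIASES = {"hkey_current_user": "hkcu", "hkey_local_machine": "hklm", "hkey_users": "hku"}


def normalize_reg_path(path):
    """Lower-case the path and shorten the hive name so that HKCU\\... and
    HKEY_CURRENT_USER\\... compare equal."""
    path = path.strip().lower().replace("/", "\\")
    hive, sep, rest = path.partition("\\")
    return HIVE_ALIASES.get(hive, hive) + sep + rest


def find_location_lookups(log_lines):
    """Scan Procmon-style CSV rows (process, operation, path, result) and return the
    registry events that read a country/locale value or open its immediate parent key."""
    hits = []
    for row in csv.reader(log_lines):
        if len(row) < 3 or not row[1].lower().startswith("reg"):
            continue  # only registry operations are of interest here
        process, operation, path = row[0], row[1], row[2]
        key = normalize_reg_path(path)
        for value_path, meaning in LOCATION_VALUES.items():
            parent_key = value_path.rsplit("\\", 1)[0]
            if key == value_path or (operation.lower() == "regopenkey" and key == parent_key):
                hits.append({"process": process, "operation": operation,
                             "path": path, "meaning": meaning})
                break
    return hits


def processes_checking_location(log_lines):
    """Count qualifying lookups per process; a sandbox signature would fire on any count > 0."""
    return Counter(hit["process"] for hit in find_location_lookups(log_lines))


# Constructed sample log for this example, not events captured from the analysed file.
SAMPLE_LOG = [
    r'"sample.exe","RegOpenKey","HKCU\Control Panel\International\Geo","SUCCESS"',
    r'"sample.exe","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS"',
    r'"sample.exe","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS"',
    r'"sample.exe","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run","SUCCESS"',
    r'"explorer.exe","RegQueryValue","HKEY_CURRENT_USER\Control Panel\International\Locale","SUCCESS"',
    r'"sample.exe","CreateFile","C:\Users\user\AppData\Local\Temp\x.exe","SUCCESS"',
]

if __name__ == "__main__":
    for hit in find_location_lookups(SAMPLE_LOG):
        print(f'{hit["process"]:14} {hit["operation"]:14} {hit["path"]}  <- {hit["meaning"]}')
    print(dict(processes_checking_location(SAMPLE_LOG)))
```

The hive normalisation matters in practice: different sandboxes log the same key as `HKCU\...` or `HKEY_CURRENT_USER\...`, and a signature that matches only one spelling silently misses the other. The parent-key match on RegOpenKey is kept deliberately narrow (the immediate parent only) so that a generic open of `HKCU` or `HKCU\Control Panel` does not count as a location lookup.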
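The "UPX packed file" signature above covers both stock UPX and modified builds. As an added example that is not part of this report and not the sandbox's own detector, the script below parses the PE section table with the standard library only and reports three independent indicators: the stock `UPX0`/`UPX1` section names, the `UPX!` pack-header magic, and a layout heuristic (an empty first section that serves as the unpack destination, followed by the section holding the packed data) that still fires when a modified packer has renamed its sections and stripped the magic. The minimal PE images it is run against are constructed in memory for the example; the thresholds in the layout heuristic are this example's own assumptions.

```python
import struct


def build_minimal_pe(sections, trailer=b""):
    """Construct a minimal PE32 image in memory. Constructed test input for this
    example, not a real binary: only the headers needed for section parsing exist.
    sections: list of (name, virtual_size, raw_size)."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_of_optional = 0xE0                     # PE32 optional header size
    coff_header = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0,
                              size_of_optional, 0x102)
    optional_header = struct.pack("<H", 0x10B) + b"\0" * (size_of_optional - 2)
    table = b""
    virtual_address, raw_pointer = 0x1000, 0x400
    for name, virtual_size, raw_size in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             virtual_size, virtual_address, raw_size,
                             raw_pointer if raw_size else 0, 0, 0, 0, 0, 0x60000020)
        virtual_address += (virtual_size + 0xFFF) & ~0xFFF
        raw_pointer += raw_size
    return dos_header + b"PE\0\0" + coff_header + optional_header + table + trailer


def parse_sections(data):
    """Return [(name, virtual_size, virtual_address, raw_size, raw_pointer)] for a PE file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    number_of_sections, = struct.unpack_from("<H", data, e_lfanew + 6)
    size_of_optional, = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + size_of_optional   # section table follows the optional header
    sections = []
    for i in range(number_of_sections):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, va, rsize, rptr))
    return sections


def upx_indicators(data):
    """Return the list of reasons the file looks UPX-packed; an empty list means none."""
    sections = parse_sections(data)
    reasons = []
    upx_names = [s[0] for s in sections if s[0].upper().startswith("UPX")]
    if upx_names:
        reasons.append("stock UPX section names: " + ", ".join(upx_names))
    if b"UPX!" in data:
        reasons.append("'UPX!' pack-header magic present")
    # Layout heuristic that survives renamed sections and a stripped magic: UPX
    # reserves the first section as the unpack destination (large virtual size,
    # no bytes in the file) and stores the packed code in the section after it.
    # The 0x1000 minimum is this example's assumption to skip tiny empty sections.
    if len(sections) >= 2:
        first, second = sections[0], sections[1]
        if first[3] == 0 and first[1] >= 0x1000 and second[3] > 0:
            reasons.append(f"first section has zero raw size but {first[1]:#x} bytes of "
                           f"virtual size (unpack destination); packed data in {second[0]!r}")
    return reasons


if __name__ == "__main__":
    stock = build_minimal_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x7000),
                              (".rsrc", 0x1000, 0x400)], trailer=b"UPX!")
    renamed = build_minimal_pe([(".text", 0x20000, 0), (".data", 0x8000, 0x7000),
                                (".rsrc", 0x1000, 0x400)])
    clean = build_minimal_pe([(".text", 0x1000, 0x1000), (".data", 0x200, 0x200)])
    for label, image in (("stock UPX", stock), ("modified UPX", renamed), ("clean", clean)):
        print(label, "->", upx_indicators(image) or "no indicator")
```

Name and magic matches are cheap but trivially defeated; the layout heuristic is what catches the "modified UPX" case the signature mentions, at the cost of occasional false positives on other packers that use the same reserve-then-unpack layout. On real files a practitioner would add a Shannon-entropy check on the raw bytes of the second section (compressed data sits near 8 bits per byte) before treating a single layout hit as conclusive.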

MITRE ATT&CK Enterprise v15

Tasks