General

  • Target

    bb50ce9e091f671a2b8727dfa55bdc12bf22cbeb6890d60c1f419bdc4d6724ff

  • Size

    7.5MB

  • Sample

    241102-za6qxstrbz

  • MD5

    61adc2b986993f3fe1a11bb6181567f0

  • SHA1

    27ba89d250cc5ef61030f8b6d12de732aa25d413

  • SHA256

    bb50ce9e091f671a2b8727dfa55bdc12bf22cbeb6890d60c1f419bdc4d6724ff

  • SHA512

    1b2935dc75694e9957613d4dbaa54bedb3f5ad6a89a3117b46d1fc863b66b2608421e440df851d0c02e6bf93a5779b21cd320c3adb2c270b1717421443c2faa6

  • SSDEEP

    196608:IhzUQhtyrfNhbe967+d8S7NYscO/FYrt2Q3n:SfhfQDS7CsZ62Q3n

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks