General

  • Target

    608269823898046138222ded5bdf21eb7e794048c8b83371c98e02376f46bb3a

  • Size

    8.0MB

  • Sample

    241102-zbcjgavcpe

  • MD5

    e18cf60595cd1ef301c17c265dee12c9

  • SHA1

    52bff9db308c7bda1e5f8901c7d1588ef9cbe929

  • SHA256

    608269823898046138222ded5bdf21eb7e794048c8b83371c98e02376f46bb3a

  • SHA512

    cab86848ed7b27afc50dfe7d9d28786fc2ce8d497518f9909609fb8fdce26669c0897494436fa544c6edbf898a7ed6bee96ddda20c37744572989f5b3619f893

  • SSDEEP

    196608:CDjYL47E/K7NK0R9VVP+ruQyXFKdhlHdEM++QYMK9NHUm:sjY07E/YR9VVey8dhlHr+2M2N0

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks