General

  • Target

    9a62ebed2675949bd33eab47883df34d61d2dd5323e85e2afbc3e9c7e82d0eed

  • Size

    366KB

  • Sample

    241103-cc4ysa1lhv

  • MD5

    7648a4dfb80f48c8e301e9cac775c373

  • SHA1

    7f8b1da8c046458f1af80cbda8bdde72a9ad9d9a

  • SHA256

    9a62ebed2675949bd33eab47883df34d61d2dd5323e85e2afbc3e9c7e82d0eed

  • SHA512

    6b80a19abb11b9e4d520c4ecf7ff0db44c812bb540f98c8cf29b429e6f4238f9f32e9a0b0ffa67c3f18f979797db4185f03216f88c26b85d7145b3d5ac54aa9b

  • SSDEEP

    6144:BSfSHl+gv5gY1F53Aul/Egv4+E6qnwEGvIkJ7G9P18:B2SHl+gv5gY1b5Eo4+EsEEIkJ7G9P18

Malware Config

Targets


    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks