General

  • Target

    64184f46e574659ad8c15cf023c56e7e05dd1b37f06ddfa0a93ebb0e74804d0fN

  • Size

    88KB

  • Sample

    241109-1e8lrasglc

  • MD5

    75f6d0863818f417cdf924c4ac3cf930

  • SHA1

    cdde19b9978ede16b02db1cf4ac0039787ce7a63

  • SHA256

    64184f46e574659ad8c15cf023c56e7e05dd1b37f06ddfa0a93ebb0e74804d0f

  • SHA512

    3f5c718001d2189ffbf444e87318b17bab3676451131b20e970f55fac2769919fbf876b0ad68988bcf750f4fc266a1c0207c72b8545ecccd15cb19e267fc6e73

  • SSDEEP

    1536:D3ScSeuCQ5CvP3ErbK0GsA1Irn6ykkXERklFceLnFaswUemjmh5WGiirTb9Qyzz:DSleucPUXKhsmIGZkXYUJFg5fRiaTRj

Malware Config

Targets

    • Target

      64184f46e574659ad8c15cf023c56e7e05dd1b37f06ddfa0a93ebb0e74804d0fN

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks