General

  • Target

    06586b56e7c0c9c486d87624b50f32f16a350b30d8cff5c3c2ba1b77028a4b57

  • Size

    2.5MB

  • Sample

    241109-spdkcswkes

  • MD5

    6c50bb178c8bfdd788ec9c693571369c

  • SHA1

    2904044a4ac94f4446cd491f2b165c2b73971b1c

  • SHA256

    06586b56e7c0c9c486d87624b50f32f16a350b30d8cff5c3c2ba1b77028a4b57

  • SHA512

    84e075f6365a6a5c66a720b16fb19637f29874c4f78eb71f79e83486adff99b885fc3fdfa10ec5e09d84948135db4a55fa560e4ac26e00672e9507573f82c04e

  • SSDEEP

    49152:OZ0v0xeSAURL9WxanWWN5YUwTKOcWWN5YUwTYQP:ow0xeSh7q

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks