General

  • Target

    819c300e0c96a00fe48b9e9b13b2f8c9cf4fac8145123bb1314ead9ab63c84ca

  • Size

    5.9MB

  • Sample

    241109-xngb3szfjd

  • MD5

    f1a88a7d8c4a53bc5f17fd846d8ac5df

  • SHA1

    48fa63c9401548988cf45c34166801065c5d6fcf

  • SHA256

    819c300e0c96a00fe48b9e9b13b2f8c9cf4fac8145123bb1314ead9ab63c84ca

  • SHA512

    ec40a362107d06033b669c6aaff46b9e1e9493cd008fe0a1d6cc7a90ba74a17ec4832fa3b4be9ca51d91d34d2f2da215f0ab6fab3714fedcc4f638c74bb723b3

  • SSDEEP

    98304:84MmIKz6IBxvunCaN5EVNiqPGdj34opuRlqSqO12zaO1:xhPWnaGdj39MRl5qOMzaO

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first observed in early 2014.

    • Detect Blackmoon payload

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
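The "VMProtect packed file" signature above is a static packer check. The following Python is an added example, not Triage's signature logic and not code from the report: it applies the two heuristics most packer detectors use for VMProtect, the default section names .vmp0/.vmp1/.vmp2 and high per-section Shannon entropy, by reading the PE section table directly. The build_fake_pe helper and the two SAMPLE_* images are constructed fixtures (no optional header, not loadable) so the block runs offline; the 5.9MB sample from the report is not included.

```python
import hashlib
import math
import struct

# Default section names VMProtect writes into a protected PE. They are
# user-configurable, so matching them is a heuristic, not proof.
VMP_SECTION_NAMES = (".vmp0", ".vmp1", ".vmp2")
# Shannon entropy (bits per byte) above which a section is treated as packed/encrypted.
HIGH_ENTROPY = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(image: bytes):
    """Yield (name, raw_bytes) for each IMAGE_SECTION_HEADER in a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    first = coff + 20 + opt_size                         # section table follows the optional header
    for i in range(num_sections):
        hdr = image[first + 40 * i:first + 40 * (i + 1)]
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)   # SizeOfRawData, PointerToRawData
        yield name, image[raw_ptr:raw_ptr + raw_size]


def vmprotect_indicators(image: bytes) -> dict:
    """Static heuristic: VMProtect default section names plus per-section entropy."""
    vmp, high = [], []
    for name, data in pe_sections(image):
        if name in VMP_SECTION_NAMES:
            vmp.append(name)
        if shannon_entropy(data) > HIGH_ENTROPY:
            high.append(name)
    if vmp:
        verdict = "vmprotect"
    elif high:
        verdict = "packed-unknown"   # packed by something, names give no hint which
    else:
        verdict = "clean"
    return {"vmp_sections": vmp, "high_entropy_sections": high, "verdict": verdict}


def build_fake_pe(sections) -> bytes:
    """Constructed test fixture: MZ stub + PE signature + COFF header + section table
    + raw section data. SizeOfOptionalHeader is 0, so the image is not loadable;
    only the headers the heuristic reads are realistic."""
    header_len = 0x40 + 4 + 20 + 40 * len(sections)
    out = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))   # e_lfanew = 0x40
    out += b"PE\0\0"
    out += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    raw_ptr, body = header_len, bytearray()
    for i, (name, data) in enumerate(sections):
        out += name.encode().ljust(8, b"\0")
        out += struct.pack("<IIIIIIHHI", len(data), 0x1000 * (i + 1), len(data),
                           raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data
        raw_ptr += len(data)
    return bytes(out + body)


def pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler (SHA-256 in counter mode), standing in
    for VMProtect's encrypted/virtualized code."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest()
                   for i in range(n // 32 + 1))
    return out[:n]


# Constructed samples, not the file from the report.
SAMPLE_VMP = build_fake_pe([
    (".text", b"\x90\xc3" * 1024),      # small unprotected stub
    (".vmp0", pseudo_random(4096)),
    (".vmp1", pseudo_random(8192)),
])
SAMPLE_PLAIN = build_fake_pe([
    (".text", b"\x55\x8b\xec\xc3" * 1024),
    (".data", b"hello from an unpacked binary\0" * 64),
])

if __name__ == "__main__":
    for label, img in (("vmp", SAMPLE_VMP), ("plain", SAMPLE_PLAIN)):
        print(label, vmprotect_indicators(img))
```

A "vmprotect" verdict says the file is obfuscated, not that it is malicious: VMProtect is a commercial product used by legitimate software, and a renamed section set will drop the verdict to "packed-unknown" even though the packer is the same, so treat both results as a reason to unpack or run the sample, not as a conviction.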

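The "Suspicious use of NtSetInformationThreadHideFromDebugger" signature is a behavioural one: NtSetInformationThread called with ThreadInformationClass 0x11 (ThreadHideFromDebugger), which stops the thread from delivering debug events to an attached debugger. The Python below is an added example of how such a signature is matched over a sandbox API trace; it is not Triage's implementation and the key=value trace format and SAMPLE_TRACE lines are constructed for this example. It goes slightly beyond the single signature by also matching the NtQueryInformationProcess debug-port/object/flags classes that belong to the same anti-debug family.

```python
import re

# Sandbox API-trace signatures: (api, class parameter, class value) -> signature name.
# ThreadHideFromDebugger is THREADINFOCLASS 17 (0x11). The NtQueryInformationProcess
# entries are PROCESSINFOCLASS 7, 30 and 31, the usual companions of the same
# anti-debug family, included to show the general form of the check.
ANTI_DEBUG_CALLS = {
    ("NtSetInformationThread", "ThreadInformationClass", 0x11):
        "NtSetInformationThreadHideFromDebugger",
    ("NtQueryInformationProcess", "ProcessInformationClass", 0x07):
        "NtQueryInformationProcessDebugPort",
    ("NtQueryInformationProcess", "ProcessInformationClass", 0x1E):
        "NtQueryInformationProcessDebugObjectHandle",
    ("NtQueryInformationProcess", "ProcessInformationClass", 0x1F):
        "NtQueryInformationProcessDebugFlags",
}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_call(line: str):
    """Turn one 'key=value ...' trace line into a dict, or None if it is not an API call."""
    fields = dict(KV_RE.findall(line))
    return fields if "api" in fields else None


def scan_trace(lines):
    """Return one hit per call whose information class matches an anti-debug signature."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        call = parse_call(line)
        if call is None:
            continue
        for (api, param, cls), name in ANTI_DEBUG_CALLS.items():
            if call["api"] != api or param not in call:
                continue
            try:
                value = int(call[param], 0)      # accepts both 0x11 and 17
            except ValueError:
                continue
            if value == cls:
                hits.append({"line": lineno,
                             "pid": call.get("pid"),
                             "tid": call.get("tid"),
                             "signature": name,
                             # only a call returning STATUS_SUCCESS actually hides the thread
                             "succeeded": call.get("ret") == "0x0"})
    return hits


def summarize(hits):
    """Signature name -> number of matching calls."""
    counts = {}
    for h in hits:
        counts[h["signature"]] = counts.get(h["signature"], 0) + 1
    return counts


# Constructed trace in a generic key=value format; not output from the report above.
SAMPLE_TRACE = """\
pid=2044 tid=2048 api=NtProtectVirtualMemory ProcessHandle=0xffffffff BaseAddress=0x00401000 NewProtect=0x40 ret=0x0
pid=2044 tid=2048 api=NtSetInformationThread ThreadHandle=0xfffffffe ThreadInformationClass=0x11 ThreadInformation=0x0 ThreadInformationLength=0 ret=0x0
pid=2044 tid=2048 api=NtSetInformationThread ThreadHandle=0xfffffffe ThreadInformationClass=0x2 ThreadInformation=0x19f3c0 ThreadInformationLength=4 ret=0x0
pid=2044 tid=2048 api=NtQueryInformationProcess ProcessHandle=0xffffffff ProcessInformationClass=0x7 ProcessInformation=0x19f3c8 ProcessInformationLength=4 ret=0x0
pid=2044 tid=3108 api=NtSetInformationThread ThreadHandle=0xfffffffe ThreadInformationClass=17 ThreadInformation=0x0 ThreadInformationLength=0 ret=0xc000000d
# not an API call line
""".splitlines()

if __name__ == "__main__":
    for hit in scan_trace(SAMPLE_TRACE):
        print(hit)
    print(summarize(scan_trace(SAMPLE_TRACE)))
```

Two practical caveats when reading this signature in a report: the third NtSetInformationThread line (class 0x2, ThreadPriority) is a normal call and must not match, which is why the check keys on the class value rather than the API name alone; and a failed call (non-zero NTSTATUS, as on the last trace line) does not hide anything, so a triage rule should weight successful calls higher. The technique is also used by commercial protectors and DRM, so by itself it indicates analysis evasion, not that the file is malicious.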
MITRE ATT&CK Enterprise v15

Tasks