General

  • Target

    d28cb7a722be5630eb904cf770f41a3410611e2881a169d5d292dc791352f22e

  • Size

    92KB

  • Sample

    241110-dlln8sxpcz

  • MD5

    4d11e405d5fe361820a173aaa7a12be8

  • SHA1

    c5a13b9afdfe3395229f7484e6ded27553038b08

  • SHA256

    d28cb7a722be5630eb904cf770f41a3410611e2881a169d5d292dc791352f22e

  • SHA512

    8e4b681426f8a7636325ee22527fa10edf21f8555411a9e06b2da19ec3a791f1a55a68c8f80c11b5ad5781112505c1cf4b20e33de0517c2a6bc349619822aeb6

  • SSDEEP

    1536:l9EJv7qMinKldu6OpZz5CUTDb3zKg+GinF3BHEB7L6J8usIGpxIVUlbRn:0Jv7MK+6KZb3zvcndBoqJ8usLpxH9

Malware Config

Targets

    • Target

      d28cb7a722be5630eb904cf770f41a3410611e2881a169d5d292dc791352f22e

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.
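
The "UPX packed file" signature above is a static check on the PE section table, and the hash block in General is what you use to confirm you are holding the same file the report describes. The script below is an added example written for this page, not code from the sandbox vendor or from the sample: it parses the PE section headers, scores three independent UPX indicators (the UPX0/UPX1 section names, a first section with zero raw size that exists only as an unpack target, and the `UPX!` marker the loader stub leaves in the file), and computes the MD5/SHA1/SHA256 digests for comparison against the report. The PE images it checks are constructed in memory and are not the analysed sample; the two-signal threshold in `is_upx_packed` is an assumed heuristic, chosen so that a modified UPX that renames its sections is still caught by the other two signals.

```python
"""Static UPX-packing triage for a PE file (added example, not the report's own tooling)."""
import hashlib
import struct

# Section names emitted by stock UPX builds; modified builds often rename these.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}
UPX_MARKER = b"UPX!"   # left in the decompression stub by stock UPX


def file_hashes(data: bytes) -> dict:
    """Hashes in the same form the report lists them, for cross-checking the sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def pe_sections(data: bytes):
    """Yield (name, VirtualSize, SizeOfRawData) for every section header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # section table follows the optional header
    for i in range(num_sections):
        off = table + i * 40                 # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table runs past end of file")
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        yield name, vsize, rsize


def upx_indicators(data: bytes) -> dict:
    """Collect the three signals; each can be faked alone, so score them together."""
    sections = list(pe_sections(data))
    names = [n for n, _, _ in sections if n in UPX_SECTION_NAMES]
    # Stock UPX: the first section (UPX0) has a large VirtualSize but no raw data,
    # because the unpacker fills it in at run time.
    empty_first = bool(sections) and sections[0][2] == 0 and sections[0][1] > 0
    return {
        "upx_section_names": [n.decode(errors="replace") for n in names],
        "empty_first_section": empty_first,
        "upx_marker": UPX_MARKER in data,
    }


def is_upx_packed(data: bytes) -> bool:
    """Assumed heuristic: any two of the three indicators together count as packed."""
    ind = upx_indicators(data)
    score = int(len(ind["upx_section_names"]) >= 2) + int(ind["empty_first_section"]) + int(ind["upx_marker"])
    return score >= 2


def build_min_pe(section_names, first_raw_size=0, trailer=b"") -> bytes:
    """Construct a minimal, non-runnable PE32 image with the given section table (test input only)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    opt = struct.pack("<H", 0x10B) + b"\0" * 222                      # PE32 optional header, 224 bytes
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x0102)
    table = b""
    for i, name in enumerate(section_names):
        raw = first_raw_size if i == 0 else 0x200
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), raw, 0x400, 0, 0, 0, 0, 0xE0000020)
    return dos + b"PE\0\0" + coff + opt + table + trailer


if __name__ == "__main__":
    # Constructed samples: a stock-UPX layout, a renamed-section variant, and a plain binary.
    stock = build_min_pe([b"UPX0", b"UPX1", b".rsrc"], first_raw_size=0, trailer=b"UPX!")
    renamed = build_min_pe([b".text", b".data"], first_raw_size=0, trailer=b"UPX!")
    plain = build_min_pe([b".text", b".data", b".rsrc"], first_raw_size=0x200)
    for label, img in (("stock", stock), ("renamed", renamed), ("plain", plain)):
        print(label, is_upx_packed(img), upx_indicators(img), file_hashes(img)["sha256"][:16])
```

To apply this to the real sample, read the file bytes, compare `file_hashes(data)["sha256"]` with the SHA256 in the General section before doing anything else, and treat a positive `is_upx_packed` as a cue to unpack (or let the sandbox's dropped-file output do it) before looking for the banker's strings.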

MITRE ATT&CK Enterprise v15

Tasks