General

  • Target

    f9a6f798a838f36329e963fe226d7b4db010dabd3c1a78427b58bc5f486ea896

  • Size

    74KB

  • Sample

    241110-e8bm8azfma

  • MD5

    111ffdd7e36febe28e1e2eb6fb4ef3e0

  • SHA1

    d1ef2d1a9f0ffa1b08871c45c4d6773c377e37f8

  • SHA256

    f9a6f798a838f36329e963fe226d7b4db010dabd3c1a78427b58bc5f486ea896

  • SHA512

    65e7c0fc4d5614fc41be51114a55feaacc94b365c85677bf9a6ea523b776594afd0d29c729ac555d3963a8878595ffc296bb18f84826f6402d72db2cbd2c7313

  • SSDEEP

    1536:IyfIcT9U1tPrgQvhLopacl1TsQk0NJP/PAjgas/3VUN0YWZPnouy8G:VfIS2vhLoz5sQkqgjg1YWZfoutG

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
