General

  • Target

    fd8a291c0655b4387cd4d8da8e2c4ea827162e60ab880d43323cd5cfb0dd112d

  • Size

    87KB

  • Sample

    241110-fe6f6ssrej

  • MD5

    9b7a363b1367622d6f6db983e2596395

  • SHA1

    8ba24e50c918c9a29216b08ffa375fcd6b201887

  • SHA256

    fd8a291c0655b4387cd4d8da8e2c4ea827162e60ab880d43323cd5cfb0dd112d

  • SHA512

    56fe14101432b1a16129efa5d99e058ac57faa83a17ffee4db8fa7137cf777e03ef3407997ddbab8e52d910ece90992a58ce05710d6f9960f77619bdeaadcdab

  • SSDEEP

    1536:GtyyRF/OxmfzDcazhe2hb5nnW+ME9Sf2+pg9R8LxM8WkNK+tEf6uacq:7yTtfbo2nWW982+paS9pWkNxXu+

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks