General

  • Target

    687d71cabe83a780fe16fbc559807f3d7765d8b343aa741b2d01c13e4d8d5e25

  • Size

    1.3MB

  • Sample

    241110-gdw2sa1dmb

  • MD5

    53577a9a201d2e810e3e8d99d8f5f923

  • SHA1

    0ca39c24d66d541e380cf9b1aced4961b0f348ce

  • SHA256

    687d71cabe83a780fe16fbc559807f3d7765d8b343aa741b2d01c13e4d8d5e25

  • SHA512

    9d7d09cc6dbcc04b3d5426f599993e7d3af43b1150b43ab23888e0d2758378a1c97512c5cc041120fd69d66ed56e37e1c8117c900e3cdde2ad9eadfeb793021f

  • SSDEEP

    24576:FHv2XRhUARvMpkFx9CwiOUb4P4b+kK4RofU9Jj6oSutcXgiotGCM0/SXfN:FHOXzRvOix9CwiOUMA+kKDfU9BdSuKfr

Malware Config

Targets

    • Target

      687d71cabe83a780fe16fbc559807f3d7765d8b343aa741b2d01c13e4d8d5e25

    • Size

      1.3MB

    • MD5

      53577a9a201d2e810e3e8d99d8f5f923

    • SHA1

      0ca39c24d66d541e380cf9b1aced4961b0f348ce

    • SHA256

      687d71cabe83a780fe16fbc559807f3d7765d8b343aa741b2d01c13e4d8d5e25

    • SHA512

      9d7d09cc6dbcc04b3d5426f599993e7d3af43b1150b43ab23888e0d2758378a1c97512c5cc041120fd69d66ed56e37e1c8117c900e3cdde2ad9eadfeb793021f

    • SSDEEP

      24576:FHv2XRhUARvMpkFx9CwiOUb4P4b+kK4RofU9Jj6oSutcXgiotGCM0/SXfN:FHOXzRvOix9CwiOUMA+kKDfU9BdSuKfr

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks