General

  • Target

    759ca29bd84739fd5e5fc49c95ded8110f88af92f83ed0bbf579075ec5a88d2f

  • Size

    9.1MB

  • Sample

    241110-hp6wsssapj

  • MD5

    9e07137691b7323997639c22565feee3

  • SHA1

    db9a41999ab4a08eb6d142850a127bd4b10769a9

  • SHA256

    759ca29bd84739fd5e5fc49c95ded8110f88af92f83ed0bbf579075ec5a88d2f

  • SHA512

    91254bdbb3312b7c80367a26c381dbfc67b1483ce2471c832fc95633b8bf2060f7b9529130fb8800a5ca19a59e82c754fdd892059b3987f373a2b923ead46946

  • SSDEEP

    196608:nxLAhaRsPePH5mxHjiERxNUQ7JSepfp1RTOaacDP5:uSsm/5mxH7RxNU+jRracDh

Malware Config

Targets

    • Target

      759ca29bd84739fd5e5fc49c95ded8110f88af92f83ed0bbf579075ec5a88d2f

    • Size

      9.1MB

    • MD5

      9e07137691b7323997639c22565feee3

    • SHA1

      db9a41999ab4a08eb6d142850a127bd4b10769a9

    • SHA256

      759ca29bd84739fd5e5fc49c95ded8110f88af92f83ed0bbf579075ec5a88d2f

    • SHA512

      91254bdbb3312b7c80367a26c381dbfc67b1483ce2471c832fc95633b8bf2060f7b9529130fb8800a5ca19a59e82c754fdd892059b3987f373a2b923ead46946

    • SSDEEP

      196608:nxLAhaRsPePH5mxHjiERxNUQ7JSepfp1RTOaacDP5:uSsm/5mxH7RxNU+jRracDh

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks