General

  • Target

    1aba514370da7f2a58536b5132cae617d81be0ff8983f1c794931ac7f3195705

  • Size

    9.1MB

  • Sample

    241110-hrjjaascmh

  • MD5

    7247f19c8c826abceeb1c382708451b7

  • SHA1

    46c32a8bd87ce12062df13c5c6ca56c095b7a735

  • SHA256

    1aba514370da7f2a58536b5132cae617d81be0ff8983f1c794931ac7f3195705

  • SHA512

    02d28fbe3bb3dd1538cc328efb7df641df4f27cfaf982ab45bade816562a85b21a993effd11de466129f2224cc34ed6b455652015613844f9aa36301bed5c871

  • SSDEEP

    196608:nxLAhaRsPePH5mxHjiERxNUQ7JSepfp1RTOaacDPG:uSsm/5mxH7RxNU+jRracDe

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks