General
- Target: a1eb610f5e8e7ace99090f6b84a63881bee52e3830b19a29562f5dfd26130769.exe
- Size: 55.3MB
- Sample: 241125-rk413sxkbr
- MD5: 2fa4f19f9fb9e7a71d85aaf34d318178
- SHA1: 2061483db691163ca0b1d04667d64e37af4c2fe0
- SHA256: a1eb610f5e8e7ace99090f6b84a63881bee52e3830b19a29562f5dfd26130769
- SHA512: a311d5ba3369540927b93fca95331d0783a8c526f2df59bd4726dcb3f174311447d00f70d52d22f3d2b6fde2d599a403cf44558a578fa34cb965fdb1fbfd965e
- SSDEEP: 1572864:uK9/hb6GmIcUGtvclhGSjkcrABpYhpeWeiTjz:uAheec1tvclsSjsBuhpeJujz
Static task: static1
Behavioral task: behavioral1
- Sample: a1eb610f5e8e7ace99090f6b84a63881bee52e3830b19a29562f5dfd26130769.exe
- Resource: win7-20240903-en
Malware Config

Targets
- Target: a1eb610f5e8e7ace99090f6b84a63881bee52e3830b19a29562f5dfd26130769.exe
- Blackmoon family
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (2)
  Subvert Trust Controls (1)
    Install Root Certificate (1)