General
-
Target
08ef87eb8165f338f6621200563043af11143eb5f328b2df11b7f356d12efc25
-
Size
3.1MB
-
Sample
241126-djh6bs1khv
-
MD5
a3a945a2e8ba1d09cdd5f11ce7d41849
-
SHA1
47531a2d6bb11f1aaa6c2ea0d207d030533f953d
-
SHA256
08ef87eb8165f338f6621200563043af11143eb5f328b2df11b7f356d12efc25
-
SHA512
9fa48ae5f48438a604191e5223a4e6e905b61d3a5741505a440aa98fcd03d9d44f3079b81605e561aff984e468ee642d17bd25c8e6078a65533f0d5b1a648a27
-
SSDEEP
49152:DE328sJUleRxlHMkjQKwAV9JhOiHOpbQcPj6Dq6SV++PaPoLO1A9oFze:Du28ybRxlH0KtbnpCEyGDHymoS2CFy
Malware Config
Targets
-
-
Target
08ef87eb8165f338f6621200563043af11143eb5f328b2df11b7f356d12efc25
-
Size
3.1MB
-
MD5
a3a945a2e8ba1d09cdd5f11ce7d41849
-
SHA1
47531a2d6bb11f1aaa6c2ea0d207d030533f953d
-
SHA256
08ef87eb8165f338f6621200563043af11143eb5f328b2df11b7f356d12efc25
-
SHA512
9fa48ae5f48438a604191e5223a4e6e905b61d3a5741505a440aa98fcd03d9d44f3079b81605e561aff984e468ee642d17bd25c8e6078a65533f0d5b1a648a27
-
SSDEEP
49152:DE328sJUleRxlHMkjQKwAV9JhOiHOpbQcPj6Dq6SV++PaPoLO1A9oFze:Du28ybRxlH0KtbnpCEyGDHymoS2CFy
Score10/10-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
UAC bypass
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2