General

  • Target

    b6aee2a4a2858f8c5c9a3045e457ab53da61f16878f5fbf891ed896108a8ea76N.exe

  • Size

    3.7MB

  • Sample

    241216-jltmqs1law

  • MD5

    912ce881dca9e21b61222352b71dc410

  • SHA1

    3d8662b837e5b9769ad9d06b7d67f07b27f0c637

  • SHA256

    b6aee2a4a2858f8c5c9a3045e457ab53da61f16878f5fbf891ed896108a8ea76

  • SHA512

    b25b18cb208acc49f699602997985e484cb5fd592112b6d558eb6724291129bff8b248b2669f66692fabfa293bcc37bff7d8e368ee2b865cc6f0a079e0916fb3

  • SSDEEP

    49152:gCOfN6X5tLLQTg20ITS/PPs/1kS4eKRL/SRsj0Zuur1T75YqVUrmNF98n:U6XLq/qPPslzKx/dJg1ErmN2

Targets

    • Target

      b6aee2a4a2858f8c5c9a3045e457ab53da61f16878f5fbf891ed896108a8ea76N.exe

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX or a modified version of the open-source UPX packer.