General

  • Target

    6e83609fc5ddfe3ca7b25ee90e937612bd2b32780aeb09c3769bb1d2a36e40c4

  • Size

    1.2MB

  • Sample

    241221-vz9fwstrbx

  • MD5

    fc783e4b13e3e4aa55014c9acaa4f333

  • SHA1

    b8a482e2a391722253ed26cb802be0d5144f8880

  • SHA256

    6e83609fc5ddfe3ca7b25ee90e937612bd2b32780aeb09c3769bb1d2a36e40c4

  • SHA512

    3ad7749cfbb510c871e1c6ad13d219febf405e521a4ffd68d80b0774c9d4974f4b9a5ee30efb00a9acc3bfcf7b61276153ab11d9cc7d01594f9c01eaa9ffbc8d

  • SSDEEP

    24576:lB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:lBSDnV3XRfJ/emAUscMoCVuw

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks