General

  • Target

    JaffaCakes118_510d5d8ad44043fa5328813f6a01d6991a8be571e91228a77f62de57df2a6b43

  • Size

    1.2MB

  • Sample

    241222-xhssxsvrez

  • MD5

    a3596ef8e0a78e7fcdbb43d2ac2d82d6

  • SHA1

    ff2a32c998b14a5bc16e7131fd3ddf2591304179

  • SHA256

    510d5d8ad44043fa5328813f6a01d6991a8be571e91228a77f62de57df2a6b43

  • SHA512

    bd04a81f59a631c6a178c004724d5e93b463f859739262203a2eccc781ef74eef92435e4339d4264706ef3c7a3df0f94b9c1882dd8edcd85c2f86823b7fb01e9

  • SSDEEP

    24576:dB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:dBSDnV3XRfJ/emAUscMoCVuw

Malware Config

Targets

    • Target

      JaffaCakes118_510d5d8ad44043fa5328813f6a01d6991a8be571e91228a77f62de57df2a6b43

    • Size

      1.2MB

    • MD5

      a3596ef8e0a78e7fcdbb43d2ac2d82d6

    • SHA1

      ff2a32c998b14a5bc16e7131fd3ddf2591304179

    • SHA256

      510d5d8ad44043fa5328813f6a01d6991a8be571e91228a77f62de57df2a6b43

    • SHA512

      bd04a81f59a631c6a178c004724d5e93b463f859739262203a2eccc781ef74eef92435e4339d4264706ef3c7a3df0f94b9c1882dd8edcd85c2f86823b7fb01e9

    • SSDEEP

      24576:dB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:dBSDnV3XRfJ/emAUscMoCVuw

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks