General

  • Target

    JaffaCakes118_f5598a684f0351b2eeaac55096c90f148cf7edbb582ef70fb820859c86d5a6cc

  • Size

    1.2MB

  • Sample

    241223-1h43qsskfx

  • MD5

    ca260ad7cfc77e11d0a93dbaf6b99b29

  • SHA1

    babb4ff9c705c12f412332dc04a67b254d24f2b7

  • SHA256

    f5598a684f0351b2eeaac55096c90f148cf7edbb582ef70fb820859c86d5a6cc

  • SHA512

    aa72910a48385298d5688b0ad044bdc0b449bbfaafe3fa1f35c55565f913753ba3e96e604b0c92307bf700cdfe3afd07b928681eadc4d8f6cb69f40ef2caa7d5

  • SSDEEP

    24576:IB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:IBSDnV3XRfJ/emAUscMoCVuw

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks