General

  • Target

    JaffaCakes118_01fd658c6f3c1c047493e1312ce2743b9f1139c78114625f7de48f39ec057bcb

  • Size

    1.2MB

  • Sample

    241223-qf18yszqct

  • MD5

    bbcb209464fa0234fa3fa6316da54fe1

  • SHA1

    4589fc844e4e5bd12f8b1d3854df48a5ddff49a7

  • SHA256

    01fd658c6f3c1c047493e1312ce2743b9f1139c78114625f7de48f39ec057bcb

  • SHA512

    8b14d8534918fd70f3b30b55e595c5c87aa31d2e761c5f1db3fc179bdb62968a0b3f44535c73dcaa2c49c5a1b97e2b7c32b1b502325dcbef5e51b9adc662339f

  • SSDEEP

    24576:RB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:RBSDnV3XRfJ/emAUscMoCVuw

Malware Config

Targets

    • Target

      JaffaCakes118_01fd658c6f3c1c047493e1312ce2743b9f1139c78114625f7de48f39ec057bcb

    • Size

      1.2MB

    • MD5

      bbcb209464fa0234fa3fa6316da54fe1

    • SHA1

      4589fc844e4e5bd12f8b1d3854df48a5ddff49a7

    • SHA256

      01fd658c6f3c1c047493e1312ce2743b9f1139c78114625f7de48f39ec057bcb

    • SHA512

      8b14d8534918fd70f3b30b55e595c5c87aa31d2e761c5f1db3fc179bdb62968a0b3f44535c73dcaa2c49c5a1b97e2b7c32b1b502325dcbef5e51b9adc662339f

    • SSDEEP

      24576:RB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:RBSDnV3XRfJ/emAUscMoCVuw

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks