General

  • Target

    JaffaCakes118_a9b00b1685b12d516c2273616389be9c1f023dec7cf9b2b49323b027c25e6cb5

  • Size

    1.2MB

  • Sample

    241223-r4x2wasnfk

  • MD5

    8e812d21a57bb61b0f2af29f4c0459c4

  • SHA1

    69c2be589f7a6afe24ccc5792e51c2a3cff02133

  • SHA256

    a9b00b1685b12d516c2273616389be9c1f023dec7cf9b2b49323b027c25e6cb5

  • SHA512

    2cfbadd00769f4eee8b6c6c331add785a04b597cd331af1a743ebf7687559bb4b4b4d045c2eee91693a4da9cfb4ab36ce925b1de0ad90a31d002a5776cf262d8

  • SSDEEP

    24576:AB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:ABSDnV3XRfJ/emAUscMoCVuw

Malware Config

Targets

    • Target

      JaffaCakes118_a9b00b1685b12d516c2273616389be9c1f023dec7cf9b2b49323b027c25e6cb5

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks