General

  • Target

    JaffaCakes118_544c7e02853b5ce1adf3af0f89ac8787ff3d93ece3e2788013357a814be67050

  • Size

    1.2MB

  • Sample

    241224-2msqyayrhw

  • MD5

    a46f5223d2ec4625f6db30f3814a90f1

  • SHA1

    af7aea699e4f8958eb28ec2fd5fa36ff1ef3ee19

  • SHA256

    544c7e02853b5ce1adf3af0f89ac8787ff3d93ece3e2788013357a814be67050

  • SHA512

    8b845ab5134202ec6213ad4693a838e77e315a469d3f2791e1d9881aaf5b0ec4a9de8c011167cdd97ea1cc3e3321b3d319cc2910666145abfabb455cd3be966a

  • SSDEEP

    24576:gB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:gBSDnV3XRfJ/emAUscMoCVuw

Malware Config

Targets

    • Target

      JaffaCakes118_544c7e02853b5ce1adf3af0f89ac8787ff3d93ece3e2788013357a814be67050

    • Size

      1.2MB

    • MD5

      a46f5223d2ec4625f6db30f3814a90f1

    • SHA1

      af7aea699e4f8958eb28ec2fd5fa36ff1ef3ee19

    • SHA256

      544c7e02853b5ce1adf3af0f89ac8787ff3d93ece3e2788013357a814be67050

    • SHA512

      8b845ab5134202ec6213ad4693a838e77e315a469d3f2791e1d9881aaf5b0ec4a9de8c011167cdd97ea1cc3e3321b3d319cc2910666145abfabb455cd3be966a

    • SSDEEP

      24576:gB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:gBSDnV3XRfJ/emAUscMoCVuw

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks