General

  • Target

    c64b2ef7e5c9460dc464f682ba24aab7818c839e222178621697f9ba07b402c8

  • Size

    7.5MB

  • Sample

    241224-a4h5aawqh1

  • MD5

    c88226d44adcffb4dc370b1024561c71

  • SHA1

    44336057920c887f0497abb9db6acc5b517ae5d4

  • SHA256

    c64b2ef7e5c9460dc464f682ba24aab7818c839e222178621697f9ba07b402c8

  • SHA512

    4782d3d3f17c203841644a8d061f10a0448cfaae852848ea1a3bf31ba3befe859c4c09d9e0f192d22719f9c2211540f2c220807ef3f91cadd43692a78b1ea1ab

  • SSDEEP

    98304:TPF75Ej5VK+568kTjE5D7R5z8yDB+EM181mGgKvoPc2r6GDNMs1B7X8jEExDrWMl:5+VWA5RbDBBYz6GheAE0MZCCLyUS7NXq

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.
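Added example, not code from the sandbox or from this report: before working on the sample, confirm the file on disk carries the digests listed above, then re-derive three of the behavioural signatures (Drivers directory write, System32 write, service ImagePath set) and the UPX check over constructed input. The event list, file names and service name are made up for the illustration; the PE builder only emits a header-only image so the section-name check can be exercised offline.

```python
"""Added example (not the sandbox's own rule set): re-checks the report's hashes,
re-derives three behavioural signatures over constructed events, and applies a
UPX section-name check to a constructed PE header. Names are hypothetical."""
import hashlib
import re
import struct

# Digests copied from the report; used to confirm the file you are about to
# analyse is the one the report describes.
REPORT_HASHES = {
    "md5": "c88226d44adcffb4dc370b1024561c71",
    "sha1": "44336057920c887f0497abb9db6acc5b517ae5d4",
    "sha256": "c64b2ef7e5c9460dc464f682ba24aab7818c839e222178621697f9ba07b402c8",
}


def hash_mismatches(data: bytes, expected: dict) -> list:
    """Return the algorithms whose digest of `data` differs from `expected`."""
    return [alg for alg, digest in expected.items()
            if hashlib.new(alg, data).hexdigest() != digest.lower()]


# Path patterns behind the three file/registry signatures named in the report.
DRIVERS_DIR = re.compile(r"\\windows\\system32\\drivers\\", re.I)
SYSTEM32_DIR = re.compile(r"\\windows\\system32\\", re.I)
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.I)

# Constructed sandbox events as (kind, path); the file and service names are made up.
SAMPLE_EVENTS = [
    ("file_write", r"C:\Windows\System32\drivers\examplesvc.sys"),
    ("file_write", r"C:\Windows\System32\example.dll"),
    ("file_write", r"C:\Users\user\AppData\Local\Temp\stage1.tmp"),
    ("registry_set", r"HKLM\SYSTEM\CurrentControlSet\Services\examplesvc\ImagePath"),
    ("registry_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
]


def behaviour_hits(events) -> set:
    """Map raw file/registry events to the signature names used in the report.
    A write under System32\\drivers also satisfies the System32 rule, which is
    why the two signatures fire together."""
    hits = set()
    for kind, path in events:
        if kind == "file_write":
            if SYSTEM32_DIR.search(path):
                hits.add("Drops file in System32 directory")
            if DRIVERS_DIR.search(path):
                hits.add("Drops file in Drivers directory")
        elif kind == "registry_set" and SERVICE_IMAGEPATH.match(path):
            hits.add("Sets service image path in registry")
    return hits


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table and return the section names."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if len(data) < e_lfanew + 24 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    (nsections,) = struct.unpack_from("<H", data, e_lfanew + 6)   # COFF NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)   # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                              # first IMAGE_SECTION_HEADER
    names = []
    for i in range(nsections):
        raw = data[table + 40 * i:table + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1/UPX2. A modified UPX that renames
    them (which the report's rule also covers) will not be caught by this check."""
    return any(name.upper().startswith("UPX") for name in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Construct a minimal header-only PE image with the given section names."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    table = b"".join(n.ljust(8, b"\0")[:8] + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + table


if __name__ == "__main__":
    print(sorted(behaviour_hits(SAMPLE_EVENTS)))
    print(is_upx_packed(build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])))
```

To use it on the real sample, read the file and call `hash_mismatches(data, REPORT_HASHES)`; an empty list means you have the file the report describes. The section-name check is deliberately the weak form: it explains why a stock UPX build trips the rule, but a repacked or section-renamed UPX needs the fuller rule the sandbox applies.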

MITRE ATT&CK Enterprise v15

Tasks