General

  • Target

    JaffaCakes118_d13c950101c31e67c962e4cbc6a2e1046d63f74212faf1b7c1bd2fcb80e9bec1

  • Size

    1.2MB

  • Sample

    241224-cpqa6aypb1

  • MD5

    362aac920862bd7a99f0dc2c1f02a8e4

  • SHA1

    c271fdeaa1d003146486dfadc9f0b336c9146cfd

  • SHA256

    d13c950101c31e67c962e4cbc6a2e1046d63f74212faf1b7c1bd2fcb80e9bec1

  • SHA512

    db700f9c94ba2e689f12ef077058a289d25dd60a0ef0118b734bb95205adaa9497b269cba82fcc2cff0e965c751b3f6d3d690d3d4c87c135c1485aa13344e17b

  • SSDEEP

    24576:LB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:LBSDnV3XRfJ/emAUscMoCVuw

Malware Config

Targets

    • Target

      JaffaCakes118_d13c950101c31e67c962e4cbc6a2e1046d63f74212faf1b7c1bd2fcb80e9bec1

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks