General

  • Target

    JaffaCakes118_15f6d0ed2447bd5593eb8a902113ac73100a2ff286266d5b601523561f55e864

  • Size

    1.2MB

  • Sample

    241224-vyvaksspey

  • MD5

    4759ef53f9deb8cd6bea9cafcc02867b

  • SHA1

    fb2742942d510e13a2e51c66d189cdf468e00062

  • SHA256

    15f6d0ed2447bd5593eb8a902113ac73100a2ff286266d5b601523561f55e864

  • SHA512

    bf93e5acb88b6661c43c31f84652bfd3d916e7076ac8e3adda872b6e7ecd557b2d492a63f2d0d66ff20671000866db9017eff3537ed0e3361168aea852a9f879

  • SSDEEP

    24576:0B0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:0BSDnV3XRfJ/emAUscMoCVuw

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks