General

  • Target

    JaffaCakes118_e51fba0b26fc6cbb4bf24afba505aa2c562fedacc19ca68f4619d43916193453

  • Size

    1.2MB

  • Sample

    241224-x9p64svpgk

  • MD5

    52d09e30de0284798e8f9b5f4936cccf

  • SHA1

    313db760d899bf95ee0a75ee3705ca551c82fa19

  • SHA256

    e51fba0b26fc6cbb4bf24afba505aa2c562fedacc19ca68f4619d43916193453

  • SHA512

    2764de2fe4973cf7c6d5c02bf4c70a36c53e71f5b6073f757c405b9e80f2c283665a38cd46e5f282777d2f27809eb4ca6a7b8433ff1dd1974d73fc9ecbb20bfb

  • SSDEEP

    24576:YB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:YBSDnV3XRfJ/emAUscMoCVuw

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks