General

  • Target

    JaffaCakes118_d5706093e328e18de4b1f58153289f5943af8c47bf708f0989d4d874451ee418

  • Size

    1.2MB

  • Sample

    241224-y3st4awpgk

  • MD5

    1f628b623ba715793f3165eae742d614

  • SHA1

    c332e2272c4e6bda48a5c4fb3698fb48bcd4df5e

  • SHA256

    d5706093e328e18de4b1f58153289f5943af8c47bf708f0989d4d874451ee418

  • SHA512

    96a2119125c52c6be77c3c0ad2b5a63705ea174e68b126b5969ccf07804b458fe23d6cbd3cb2b3beb6fc706e2c3a9a04c93166c8db9edb094d45b88d4853b758

  • SSDEEP

    24576:cB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:cBSDnV3XRfJ/emAUscMoCVuw

Malware Config

Targets

    • Target

      JaffaCakes118_d5706093e328e18de4b1f58153289f5943af8c47bf708f0989d4d874451ee418

    • Size

      1.2MB

    • MD5

      1f628b623ba715793f3165eae742d614

    • SHA1

      c332e2272c4e6bda48a5c4fb3698fb48bcd4df5e

    • SHA256

      d5706093e328e18de4b1f58153289f5943af8c47bf708f0989d4d874451ee418

    • SHA512

      96a2119125c52c6be77c3c0ad2b5a63705ea174e68b126b5969ccf07804b458fe23d6cbd3cb2b3beb6fc706e2c3a9a04c93166c8db9edb094d45b88d4853b758

    • SSDEEP

      24576:cB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:cBSDnV3XRfJ/emAUscMoCVuw

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks