General

  • Target

    ca53fd3df37b262fde8f174e0efd2d4f57de6f0130e009748fcf669c3fae6461

  • Size

    69KB

  • Sample

    241225-c8yfwavpet

  • MD5

    6c5ef20154f58186bdf0917529d01b67

  • SHA1

    1909dca5a05d243739dd01819fc6e16e9089b340

  • SHA256

    ca53fd3df37b262fde8f174e0efd2d4f57de6f0130e009748fcf669c3fae6461

  • SHA512

    6a25b372b99c108277faed251fd02c68405096b5b092862c7966082f6ec5df8165519b001053aeb4a82a6d81fcb3900749ba11c503455194926a49b617910aa1

  • SSDEEP

    1536:TPyr5BWPJgzJrQsA4MJ8SS5gq9a2pJ+jZOb4W9nouy8a8:T6DJrXAnHmgMJ+dOnFouta8

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks