General

  • Target

    JaffaCakes118_b151226c825a08a1bf1af137bf497a5e24bc1f42ba577bab938b772c20394929

  • Size

    1.2MB

  • Sample

    241225-eq4laaxpcr

  • MD5

    c4d74ec47af2b4c9e82c0edaf96ae4cd

  • SHA1

    d0dd0c837605036781a371f97e432a502a7256c6

  • SHA256

    b151226c825a08a1bf1af137bf497a5e24bc1f42ba577bab938b772c20394929

  • SHA512

    f22f489420373e569a72bacb8fb585a54151926f9f97c2232891fba6d5844ea88adc1c20a7ae150ba9951c8634dc43e70a05c44749f6485da1c9862882b73ffc

  • SSDEEP

    24576:KB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:KBSDnV3XRfJ/emAUscMoCVuw

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks