General

  • Target

    JaffaCakes118_2361a9e702cd9352c0fc73dbbc1066f233daca1dbcda26898dcafeb0e6c9fa44

  • Size

    1.2MB

  • Sample

    241225-f2bv3synfx

  • MD5

    33df0f6daa18249bb31157aa4e8c5123

  • SHA1

    fc9a6bf39346daeb8311cfefc7b4e5e1e1488c11

  • SHA256

    2361a9e702cd9352c0fc73dbbc1066f233daca1dbcda26898dcafeb0e6c9fa44

  • SHA512

    ac4739ac4eaa43e4ea3d88ee86e24a2f7aeef832b63445e9db45734fbc5b9d8b137503f7c59d461c9797a35b7532dcaab3562c24d8a9704b766142ca0c78105a

  • SSDEEP

    24576:PB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:PBSDnV3XRfJ/emAUscMoCVuw
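
The digests above are what an analyst checks a local copy against before treating it as the same sample, and the SSDEEP line has a structure (block size, then two chunk hashes) worth knowing before comparing it with other samples. The Python below is an added example, not part of the Triage report or of any tooling it uses: it recomputes the four digests, reports mismatches against the values listed on this page, and parses and validates the ssdeep signature. The streaming file helper and the constructed input bytes are assumptions for illustration; only the hash and ssdeep values come from the page.

```python
import hashlib

# Digests exactly as printed in the report above for this sample.
REPORTED = {
    "md5": "33df0f6daa18249bb31157aa4e8c5123",
    "sha1": "fc9a6bf39346daeb8311cfefc7b4e5e1e1488c11",
    "sha256": "2361a9e702cd9352c0fc73dbbc1066f233daca1dbcda26898dcafeb0e6c9fa44",
    "sha512": "ac4739ac4eaa43e4ea3d88ee86e24a2f7aeef832b63445e9db45734fbc5b9d8b"
              "137503f7c59d461c9797a35b7532dcaab3562c24d8a9704b766142ca0c78105a",
}
REPORTED_SSDEEP = ("24576:PB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr"
                   ":PBSDnV3XRfJ/emAUscMoCVuw")

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Compute every digest the report lists for an in-memory buffer."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digests() but streams the file, so a large sample is never read whole."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(actual: dict, reported: dict) -> dict:
    """{algorithm: (actual, reported)} for every reported digest that does not match."""
    return {name: (actual[name], reported[name].lower())
            for name in reported if actual[name] != reported[name].lower()}


def parse_ssdeep(sig: str) -> tuple:
    """Split an ssdeep signature into (block_size, chunk, double_chunk) and validate it."""
    block, chunk, double_chunk = sig.split(":", 2)
    block_size = int(block)
    # ssdeep block sizes are always 3 * 2**n; the page's 24576 is 3 * 2**13.
    if block_size < 3 or block_size % 3 or (block_size // 3) & (block_size // 3 - 1):
        raise ValueError(f"invalid ssdeep block size {block_size}")
    # The format caps the first chunk at 64 characters and the second at 32.
    if len(chunk) > 64 or len(double_chunk) > 32:
        raise ValueError("ssdeep chunk longer than the format allows")
    return block_size, chunk, double_chunk


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """ssdeep only scores two signatures whose block sizes are equal or differ by a factor of two."""
    a, b = parse_ssdeep(sig_a)[0], parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a
```

Run `mismatches(digests_of_file("sample.bin"), REPORTED)` against a local copy: an empty dict means all four digests match the report; anything else names the algorithm that disagrees. `ssdeep_comparable` is the cheap pre-check to run before asking a fuzzy-hash library to score two samples, since signatures with incompatible block sizes always score zero.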

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.
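
Three of the signatures above can be reproduced with a small amount of code. The Python below is an added example, not the sandbox's own signature logic: a static UPX check that walks the PE section table (UPX0/UPX1 section names, the "UPX!" marker, and the empty-first-section layout that renamed sections from a modified build usually keep), a check for SetThreadContext used inside the suspended-create, write, set-context, resume chain of process hollowing, and a check for writes to the TermService ServiceDll value that point anywhere other than termsrv.dll (the ATT&CK Terminal Services DLL technique). The `build_pe` fixture, the `SAMPLE_EVENTS` trace, the PIDs and the `svchost_rdp.dll` path are constructed for illustration and are not from this sample's report.

```python
import struct

# ---- Static: UPX packing from the PE section table ---------------------------

def pe_sections(data: bytes) -> list:
    """Return (name, virtual_size, raw_size) for every section header in a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    first = coff + 20 + opt_size                      # section table follows the optional header
    sections = []
    for i in range(nsections):
        name, vsize, _vaddr, rawsize = struct.unpack_from("<8sIII", data, first + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rawsize))
    return sections

def upx_indicators(data: bytes) -> list:
    """Names of the UPX heuristics that fire; an empty list means no indicator."""
    hits = []
    secs = pe_sections(data)
    if any(name.startswith("UPX") for name, _, _ in secs):
        hits.append("upx_section_names")
    if b"UPX!" in data:                               # packer marker in the stub header
        hits.append("upx_magic")
    # Modified builds often rename sections but keep UPX's layout: an empty
    # first section reserved for the unpacked image, then the packed section.
    if len(secs) >= 2 and secs[0][2] == 0 and secs[0][1] > 0 and secs[1][2] > 0:
        hits.append("empty_first_section_layout")
    return hits

def build_pe(names: list, vsizes: list, rawsizes: list, trailer: bytes = b"") -> bytes:
    """Constructed minimal PE header (test fixture only, not a loadable binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    opt_size = 0xE0                                                 # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, opt_size, 0x102)
    headers = b"".join(
        struct.pack("<8sIIIIIIHHI", n.ljust(8, b"\0"), vs, 0, rs, 0, 0, 0, 0, 0, 0)
        for n, vs, rs in zip(names, vsizes, rawsizes))
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + headers + trailer

# ---- Behavioural: over an API/registry trace (constructed events below) -----

TERMSRV_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters"
HOLLOW_SEQUENCE = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")

def hollowing_targets(events: list) -> list:
    """Child PIDs that go through create-suspended, write, SetThreadContext, resume in order."""
    stage, found = {}, []
    for ev in events:
        api = ev["api"].rstrip("AW")                  # CreateProcessW -> CreateProcess
        target = ev.get("target")
        if api == "CreateProcess" and ev.get("flags", 0) & 0x4:     # CREATE_SUSPENDED
            stage[target] = 1
        elif target in stage and stage[target] < len(HOLLOW_SEQUENCE) \
                and api == HOLLOW_SEQUENCE[stage[target]]:
            stage[target] += 1
            if stage[target] == len(HOLLOW_SEQUENCE):
                found.append(target)
    return found

def termsrv_servicedll_writes(events: list) -> list:
    """DLL paths written to TermService's ServiceDll that are not the legitimate termsrv.dll."""
    return [ev["data"] for ev in events
            if ev["api"].startswith("RegSetValue")
            and ev.get("key", "").lower() == TERMSRV_KEY.lower()
            and ev.get("value", "").lower() == "servicedll"
            and not ev.get("data", "").lower().endswith("\\termsrv.dll")]

# Constructed trace: one hollowed child (4412), one normal child (4500), one
# legitimate and one suspicious ServiceDll write. PIDs and paths are made up.
SAMPLE_EVENTS = [
    {"api": "CreateProcessW", "pid": 3120, "target": 4412, "flags": 0x4},
    {"api": "WriteProcessMemory", "pid": 3120, "target": 4412},
    {"api": "SetThreadContext", "pid": 3120, "target": 4412},
    {"api": "ResumeThread", "pid": 3120, "target": 4412},
    {"api": "CreateProcessW", "pid": 3120, "target": 4500, "flags": 0x0},
    {"api": "SetThreadContext", "pid": 3120, "target": 4500},
    {"api": "RegSetValueExW", "pid": 3120, "key": TERMSRV_KEY,
     "value": "ServiceDll", "data": r"%SystemRoot%\System32\termsrv.dll"},
    {"api": "RegSetValueExW", "pid": 3120, "key": TERMSRV_KEY,
     "value": "ServiceDll", "data": r"C:\Windows\System32\svchost_rdp.dll"},
]

def analyse(pe_data: bytes, events: list) -> dict:
    """Map the report's signature names to whether each one fired."""
    return {
        "UPX packed file": bool(upx_indicators(pe_data)),
        "Suspicious use of SetThreadContext": bool(hollowing_targets(events)),
        "Server Software Component: Terminal Services DLL": bool(termsrv_servicedll_writes(events)),
    }
```

`analyse(open("sample.bin", "rb").read(), events)` gives the three verdicts for a real file and a trace in the same shape as `SAMPLE_EVENTS`. The lone SetThreadContext on PID 4500 deliberately does not fire: a single call is common in debuggers and runtime hooks, and the signal worth alerting on is the full chain against a process that was created suspended. The layout heuristic is what keeps the UPX check useful against modified builds that rename UPX0/UPX1 and strip the "UPX!" marker.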

MITRE ATT&CK Enterprise v15

Tasks