General

  • Target

    05dcf10fca338b6872a52afb4935928fcc2575610f7e1f65ed3eb76b911e74c9

  • Size

    10.2MB

  • Sample

    241225-fbbgmaylfl

  • MD5

    b79e05b90f69462bedd16ee5316f1efe

  • SHA1

    724b5ef7823ad25d0a8fbb41fde972571fdc268a

  • SHA256

    05dcf10fca338b6872a52afb4935928fcc2575610f7e1f65ed3eb76b911e74c9

  • SHA512

    f54606c7a54afff00bf32824411cb5ae39ebd83d1498127d3601b8b333ee9bb6970e08c40e6d743caee1775ee866d4226ef7191829dfdc6c54309e8dffd0e47a

  • SSDEEP

    98304:qvk38YyRM1xg3DEP1Y+OsUoD6NTxT5u3qLGhnjDKscdft6hrsP+76L49v2cLObHO:P8YyO1xg3a7VD6Nfkcdft6psPRL49/

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks