General
-
Target
JaffaCakes118_052cfb9278ae0a99105834a7282aae4628c2790b82690de7cf3b607f4e2c872c
-
Size
1.2MB
-
Sample
241225-p8c66atmdl
-
MD5
5c0921c5a27060b99680a8339807abcf
-
SHA1
b1128f14c7250657b1cca4fcb1820674c33fe2ee
-
SHA256
052cfb9278ae0a99105834a7282aae4628c2790b82690de7cf3b607f4e2c872c
-
SHA512
1d07e7a95746208477f0e783f4e8c369e121ca6d3b343202255b7dbbdd3aa1a9cd3c0fd244ce43dea0fa999e905d728d05e35e45752a41d7d6c4214fe79e49ea
-
SSDEEP
24576:uB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:uBSDnV3XRfJ/emAUscMoCVuw
Malware Config
Targets
-
-
Target
JaffaCakes118_052cfb9278ae0a99105834a7282aae4628c2790b82690de7cf3b607f4e2c872c
-
Size
1.2MB
-
MD5
5c0921c5a27060b99680a8339807abcf
-
SHA1
b1128f14c7250657b1cca4fcb1820674c33fe2ee
-
SHA256
052cfb9278ae0a99105834a7282aae4628c2790b82690de7cf3b607f4e2c872c
-
SHA512
1d07e7a95746208477f0e783f4e8c369e121ca6d3b343202255b7dbbdd3aa1a9cd3c0fd244ce43dea0fa999e905d728d05e35e45752a41d7d6c4214fe79e49ea
-
SSDEEP
24576:uB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:uBSDnV3XRfJ/emAUscMoCVuw
Score10/10-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Server Software Component: Terminal Services DLL
-
Deletes itself
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-