General

  • Target

    ef79533e643bb11424280d23b8270999c52cc226f409f72e972073f1adad7d2d

  • Size

    314KB

  • Sample

    241225-vdcvsszjhn

  • MD5

    afee45b830be9fae35ebda722b801800

  • SHA1

    2b49f9ed6ae2b0c36612d2267b58803bab96259e

  • SHA256

    ef79533e643bb11424280d23b8270999c52cc226f409f72e972073f1adad7d2d

  • SHA512

    d485dff2f4eda2c140e2ee87f3d048c3b78157c82ab746ca1704dcd7c38f67e98b42b6f31137ae6ef84a4c35b3cbe9d012977b62a7a2cd52ee80adfda5597862

  • SSDEEP

    6144:PMivKqmiRqbQFI7tjBty1xYtwQYpk0iYCF+lq9177tGKBoudDeklV04E3:0kYbQFI7RPwk00rFekHLE

Malware Config

Targets

    • Target

      ef79533e643bb11424280d23b8270999c52cc226f409f72e972073f1adad7d2d

    • Size

      314KB

    • MD5

      afee45b830be9fae35ebda722b801800

    • SHA1

      2b49f9ed6ae2b0c36612d2267b58803bab96259e

    • SHA256

      ef79533e643bb11424280d23b8270999c52cc226f409f72e972073f1adad7d2d

    • SHA512

      d485dff2f4eda2c140e2ee87f3d048c3b78157c82ab746ca1704dcd7c38f67e98b42b6f31137ae6ef84a4c35b3cbe9d012977b62a7a2cd52ee80adfda5597862

    • SSDEEP

      6144:PMivKqmiRqbQFI7tjBty1xYtwQYpk0iYCF+lq9177tGKBoudDeklV04E3:0kYbQFI7RPwk00rFekHLE

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Modifies RDP port number used by Windows

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks