General

  • Target

    yunyu1.dll

  • Size

    3.3MB

  • Sample

    250402-cq92yssmv6

  • MD5

    5cebb26986fc489229f5c83efeff3edb

  • SHA1

    394d4ec00bbed12415f6f7df068f76606b2fb9b8

  • SHA256

    7a3ab1c009b5d827ab2245cb26cb9c70999542ebc0c4f40d97ca4116421cfad4

  • SHA512

    61af80903d690a01c7c542b050654be5f318099871a7ba602ecf79a6f7d335f172b10f5cac33cb7139dd7773b68f236a8f8e4dd482486197fb7b81288900e99f

  • SSDEEP

    98304:wSm9lpNfXVZI057IFL1v0X+JMYE49Lt5UrrIz+6Kf6g/FUKZeRn2RXA09LWBpSv6:wSYUq+JMcKIz7KvFM2SBpSc78T9W7

Malware Config

Targets

    • Target

      yunyu1.dll

    • Size

      3.3MB

    • MD5

      5cebb26986fc489229f5c83efeff3edb

    • SHA1

      394d4ec00bbed12415f6f7df068f76606b2fb9b8

    • SHA256

      7a3ab1c009b5d827ab2245cb26cb9c70999542ebc0c4f40d97ca4116421cfad4

    • SHA512

      61af80903d690a01c7c542b050654be5f318099871a7ba602ecf79a6f7d335f172b10f5cac33cb7139dd7773b68f236a8f8e4dd482486197fb7b81288900e99f

    • SSDEEP

      98304:wSm9lpNfXVZI057IFL1v0X+JMYE49Lt5UrrIz+6Kf6g/FUKZeRn2RXA09LWBpSv6:wSYUq+JMcKIz7KvFM2SBpSc78T9W7

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with the UPX or a modified UPX open-source packer.

    • Target

      out.upx

    • Size

      5.2MB

    • MD5

      a6c20cc2b0c76b08a2f0b5d93b92238c

    • SHA1

      e8b49bcba584c9069f5cd46f8f778695ef3cc451

    • SHA256

      0e5f21a9cf5f45cc5e234f50607af35fef93b07f4ae1bc1aa6ed32208876a2f0

    • SHA512

      7da9073055be2c43d7356c5b270e700b14626d8aa0b9420c505d5ae3ffaf2c5e66a2153874a545554fbd23ae69c1411595cf009d57793d002612e0d7f95994ed

    • SSDEEP

      98304:esAid9NFt0paacMXCTZlrxDmAFWueTLNfaEON:esAiBgaBMwZldFWT5faEa

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks