blackmoon | 57522c2c58604834f1f1e7236d63a375503a788b805a47df738ae3663388a4bb | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-06-30...la.exe

windows7-x64

2024-06-30...la.exe

windows10-2004-x64

Sharing

General

Target

2024-06-30_e711531569d2e446c3501c635b41e89c_icedid_magniber_sakula
Size

22.3MB
Sample

240630-dfzznssgpc
MD5

e711531569d2e446c3501c635b41e89c
SHA1

e414d12a763ac179385df2da92267946540a4cbb
SHA256

57522c2c58604834f1f1e7236d63a375503a788b805a47df738ae3663388a4bb
SHA512

ce0f1b8a3618be5a63cf69d8cab54e1a9bb368a5952214cad2a71ed14acbd1d910a56c5c34465bf1eda92040ac61d459e64ba3e3ff1835bca5796b22ad583a5c
SSDEEP

393216:sY9mGvCEJi1BEmEC0QuImhIKjWcgjB8IU7oKrZAQMu4G+56d0jSBufcOIlXESZ8K:sYsYCEJi1BEnvQu7vja8IDKrZMu4GwjA

Score

10^/10

blackmoon banker discovery trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-06-30_e711531569d2e446c3501c635b41e89c_icedid_magniber_sakula.exe

Resource

win7-20240220-en

blackmoon banker discovery trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-06-30_e711531569d2e446c3501c635b41e89c_icedid_magniber_sakula.exe

Resource

win10v2004-20240611-en

blackmoon banker discovery trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-06-30_e711531569d2e446c3501c635b41e89c_icedid_magniber_sakula
- Size
  
  22.3MB
- MD5
  
  e711531569d2e446c3501c635b41e89c
- SHA1
  
  e414d12a763ac179385df2da92267946540a4cbb
- SHA256
  
  57522c2c58604834f1f1e7236d63a375503a788b805a47df738ae3663388a4bb
- SHA512
  
  ce0f1b8a3618be5a63cf69d8cab54e1a9bb368a5952214cad2a71ed14acbd1d910a56c5c34465bf1eda92040ac61d459e64ba3e3ff1835bca5796b22ad583a5c
- SSDEEP
  
  393216:sY9mGvCEJi1BEmEC0QuImhIKjWcgjB8IU7oKrZAQMu4G+56d0jSBufcOIlXESZ8K:sYsYCEJi1BEnvQu7vja8IDKrZMu4GwjA
Score

10^/10

blackmoon banker discovery trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanupx

behavioral2

blackmoonbankerdiscoverytrojanupx

© 2018-2024

Terms | Privacy