blackmoon | 19eb68361329fc505b25eb35408379eea16b0f33809ea801500d853b7a0ff47c | Triage

Submit
Reports

Overview

overview

Static

static

19eb683613...7c.exe

windows7-x64

7

19eb683613...7c.exe

windows10-2004-x64

Sharing

General

Target

19eb68361329fc505b25eb35408379eea16b0f33809ea801500d853b7a0ff47c
Size

9.1MB
Sample

240630-y9dczsxgrn
MD5

a88b5bfc4e61cda9ddfb6e73fc571981
SHA1

947ec1bcdcce737aecb2795897542cda75977375
SHA256

19eb68361329fc505b25eb35408379eea16b0f33809ea801500d853b7a0ff47c
SHA512

06014c17f2b33a331b799ef32dc6fc4ae5a64d824ea371087545b17661eadf73b09b3dc96fbac416ad861c0221858e859e9da340f9ef75ff0ef527fa1186167d
SSDEEP

196608:tXlNay8qtZ0QGEhPWZvlJv0RXYr/sHQeYxc4ZzdHtGsswV9k5O/Wp2AmMQzG6Srz:J3Z/GEh+ZoRweQ3dHbG5OnHs5aJsgen

Score

10^/10

blackmoon banker trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

19eb68361329fc505b25eb35408379eea16b0f33809ea801500d853b7a0ff47c.exe

Resource

win7-20240508-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

19eb68361329fc505b25eb35408379eea16b0f33809ea801500d853b7a0ff47c.exe

Resource

win10v2004-20240611-en

blackmoon banker trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  19eb68361329fc505b25eb35408379eea16b0f33809ea801500d853b7a0ff47c
- Size
  
  9.1MB
- MD5
  
  a88b5bfc4e61cda9ddfb6e73fc571981
- SHA1
  
  947ec1bcdcce737aecb2795897542cda75977375
- SHA256
  
  19eb68361329fc505b25eb35408379eea16b0f33809ea801500d853b7a0ff47c
- SHA512
  
  06014c17f2b33a331b799ef32dc6fc4ae5a64d824ea371087545b17661eadf73b09b3dc96fbac416ad861c0221858e859e9da340f9ef75ff0ef527fa1186167d
- SSDEEP
  
  196608:tXlNay8qtZ0QGEhPWZvlJv0RXYr/sHQeYxc4ZzdHtGsswV9k5O/Wp2AmMQzG6Srz:J3Z/GEh+ZoRweQ3dHbG5OnHs5aJsgen
Score

10^/10

upx blackmoon banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy