blackmoon | b043aa814ea783fddcd22e22279e1c296ae15a327ff9cd1bd8372face420964f | Triage

Submit
Reports

Overview

overview

Static

static

3

b043aa814e...4f.exe

windows7-x64

b043aa814e...4f.exe

windows10-2004-x64

Sharing

General

Target

b043aa814ea783fddcd22e22279e1c296ae15a327ff9cd1bd8372face420964f
Size

4.4MB
Sample

240701-j9z5esvbnp
MD5

37cbbee581f03898ac8e5961afdf4c7a
SHA1

20ccdd9bd0cf00706585fbe6b735cfb154de09c0
SHA256

b043aa814ea783fddcd22e22279e1c296ae15a327ff9cd1bd8372face420964f
SHA512

63112a36f69149478b0ea6eb873421f80ae7fe10771da996edb144f067d2f55ce22ab6338c81f86509a16ff6dd1e91f9455b21db19356f494ba2b4fe971b2b64
SSDEEP

98304:wj8wbOARL1Pi60lC6nOOydL3r+4TFAUl+Gpp:obOANP0s6n4H9DJpp

Score

10^/10

blackmoon banker persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b043aa814ea783fddcd22e22279e1c296ae15a327ff9cd1bd8372face420964f.exe

Resource

win7-20240221-en

blackmoon banker persistence trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b043aa814ea783fddcd22e22279e1c296ae15a327ff9cd1bd8372face420964f.exe

Resource

win10v2004-20240508-en

blackmoon banker trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  b043aa814ea783fddcd22e22279e1c296ae15a327ff9cd1bd8372face420964f
- Size
  
  4.4MB
- MD5
  
  37cbbee581f03898ac8e5961afdf4c7a
- SHA1
  
  20ccdd9bd0cf00706585fbe6b735cfb154de09c0
- SHA256
  
  b043aa814ea783fddcd22e22279e1c296ae15a327ff9cd1bd8372face420964f
- SHA512
  
  63112a36f69149478b0ea6eb873421f80ae7fe10771da996edb144f067d2f55ce22ab6338c81f86509a16ff6dd1e91f9455b21db19356f494ba2b4fe971b2b64
- SSDEEP
  
  98304:wj8wbOARL1Pi60lC6nOOydL3r+4TFAUl+Gpp:obOANP0s6n4H9DJpp
Score

10^/10

blackmoon banker persistence trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Adds policy Run key to start application
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankerpersistencetrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy