blackmoon | 6835477cdc33ce06424a53e291c78385edb0e28a855b0a4a32dec357143d310c | Triage

Submit
Reports

Overview

overview

Static

static

3

6835477cdc...0c.exe

windows7-x64

6835477cdc...0c.exe

windows10-2004-x64

Sharing

General

Target

6835477cdc33ce06424a53e291c78385edb0e28a855b0a4a32dec357143d310c
Size

1.2MB
Sample

240704-2hkvjavgmf
MD5

38d3851a0eaad72357ad7d6206183bb9
SHA1

d9fd8a2fc6c91861f05128980982668ada9efcf6
SHA256

6835477cdc33ce06424a53e291c78385edb0e28a855b0a4a32dec357143d310c
SHA512

e5902aca6ec03dc7874a545dd0ffed260b000f755c5577d032d80904d75b8f95d7516800b74f4c8e37436e20782a903d3d11e2a7bc126e6dc70f358107135ef2
SSDEEP

6144:Y1VWFa6hrW3VIXTlh/xJ4ZXnW4QWT96ficzUa5cFeGhK+xuI7z/2fmcFeGhK+xu3:Y1VovnXTlh/xJ4Zm4D6bUZl3El3

Score

10^/10

blackmoon banker trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6835477cdc33ce06424a53e291c78385edb0e28a855b0a4a32dec357143d310c.exe

Resource

win7-20240419-en

blackmoon banker trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

6835477cdc33ce06424a53e291c78385edb0e28a855b0a4a32dec357143d310c.exe

Resource

win10v2004-20240508-en

blackmoon banker trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  6835477cdc33ce06424a53e291c78385edb0e28a855b0a4a32dec357143d310c
- Size
  
  1.2MB
- MD5
  
  38d3851a0eaad72357ad7d6206183bb9
- SHA1
  
  d9fd8a2fc6c91861f05128980982668ada9efcf6
- SHA256
  
  6835477cdc33ce06424a53e291c78385edb0e28a855b0a4a32dec357143d310c
- SHA512
  
  e5902aca6ec03dc7874a545dd0ffed260b000f755c5577d032d80904d75b8f95d7516800b74f4c8e37436e20782a903d3d11e2a7bc126e6dc70f358107135ef2
- SSDEEP
  
  6144:Y1VWFa6hrW3VIXTlh/xJ4ZXnW4QWT96ficzUa5cFeGhK+xuI7z/2fmcFeGhK+xu3:Y1VovnXTlh/xJ4Zm4D6bUZl3El3
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy