blackmoon | 6aae588397038a258380dba4871d3709b32097ac31312843da03b3164f88cd7a | Triage

Submit
Reports

Overview

overview

Static

static

6aae588397...7a.exe

windows7-x64

6aae588397...7a.exe

windows10-2004-x64

Sharing

General

Target

6aae588397038a258380dba4871d3709b32097ac31312843da03b3164f88cd7a
Size

1.8MB
Sample

240704-2mlbvswbjf
MD5

02b7f506d5d21afcfd9cbc0a35e75bc7
SHA1

b457b87ab8f506cb7af776b854fce306a3eea924
SHA256

6aae588397038a258380dba4871d3709b32097ac31312843da03b3164f88cd7a
SHA512

9f69872e91c1ee2d2a0a947eedff8a83a51144dd3b5c4912f5089dc70dde07fc608d9a5887e1fd453328aac8bd0d34569dcb0ddd9dfc95b600b0e70634e94d11
SSDEEP

24576:HfqMeY3QBhoWYJgIDWAeTkzZ+RkFN/yKBUZZAFDrrqBh3SWgSklWXKBUZb:HneXoWS5ZRN/yKiZEDrKBST1WXKiZb

Score

10^/10

blackmoon banker persistence privilege_escalation trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

6aae588397038a258380dba4871d3709b32097ac31312843da03b3164f88cd7a.exe

Resource

win7-20240704-en

blackmoon banker persistence privilege_escalation trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

6aae588397038a258380dba4871d3709b32097ac31312843da03b3164f88cd7a.exe

Resource

win10v2004-20240704-en

blackmoon banker persistence privilege_escalation trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  6aae588397038a258380dba4871d3709b32097ac31312843da03b3164f88cd7a
- Size
  
  1.8MB
- MD5
  
  02b7f506d5d21afcfd9cbc0a35e75bc7
- SHA1
  
  b457b87ab8f506cb7af776b854fce306a3eea924
- SHA256
  
  6aae588397038a258380dba4871d3709b32097ac31312843da03b3164f88cd7a
- SHA512
  
  9f69872e91c1ee2d2a0a947eedff8a83a51144dd3b5c4912f5089dc70dde07fc608d9a5887e1fd453328aac8bd0d34569dcb0ddd9dfc95b600b0e70634e94d11
- SSDEEP
  
  24576:HfqMeY3QBhoWYJgIDWAeTkzZ+RkFN/yKBUZZAFDrrqBh3SWgSklWXKBUZb:HneXoWS5ZRN/yKiZEDrKBST1WXKiZb
Score

10^/10

blackmoon banker persistence privilege_escalation trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankerpersistenceprivilege_escalationtrojan

behavioral2

blackmoonbankerpersistenceprivilege_escalationtrojan

© 2018-2024

Terms | Privacy