Overview

overview

10

Static

static

10

2024-07-04...ia.exe

windows7-x64

10

2024-07-04...ia.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-07-04_23dbf296006755d8bf37e8190b15ef0b_mafia

  • Size

    1.6MB

  • Sample

    240704-q4ckhaxerl

  • MD5

    23dbf296006755d8bf37e8190b15ef0b

  • SHA1

    86e58edbfbebcd2043c3225e13be47e54b76ca6a

  • SHA256

    a21d4bbf5a1b506a02c95e014a8e1c8e29c8a4434f9ddf33021b46d836c82e09

  • SHA512

    c73fcd44c8b39f7ed7ed955d2e75382df547b4011b0b6efb89869b296d9aed3e6b3c5a190516a288498d7588ac9833d52ad382dccd226c8dce092342781a1d91

  • SSDEEP

    24576:kEoD7eAzxG0Jc0a1VjXszQRJ5OTJ7hIVymFNlMtRVblP9PIjo3rSAp0sUPYud9m4:kZzju1VbszQe/I07SAp0sUPYu7Uo7

Score
10/10
blackmoonbankerdiscoverytrojanupx

Malware Config

Targets

    • Target

      2024-07-04_23dbf296006755d8bf37e8190b15ef0b_mafia

    • Size

      1.6MB

    • MD5

      23dbf296006755d8bf37e8190b15ef0b

    • SHA1

      86e58edbfbebcd2043c3225e13be47e54b76ca6a

    • SHA256

      a21d4bbf5a1b506a02c95e014a8e1c8e29c8a4434f9ddf33021b46d836c82e09

    • SHA512

      c73fcd44c8b39f7ed7ed955d2e75382df547b4011b0b6efb89869b296d9aed3e6b3c5a190516a288498d7588ac9833d52ad382dccd226c8dce092342781a1d91

    • SSDEEP

      24576:kEoD7eAzxG0Jc0a1VjXszQRJ5OTJ7hIVymFNlMtRVblP9PIjo3rSAp0sUPYud9m4:kZzju1VbszQe/I07SAp0sUPYu7Uo7

    Score
    10/10
    blackmoonbankerdiscoverytrojanupx

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • Drops startup file

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks