blackmoon | ae8369a28b53ba7e283436a65c211ef032af555515fb961e6cb0c56c635d1834 | Triage

Submit
Reports

Overview

overview

Static

static

tfccltd.exe

windows7-x64

tfccltd.exe

windows10-2004-x64

Sharing

General

Target

tfccltd.exe
Size

292KB
Sample

220722-pea5psfccn
MD5

a1bfff3769a3962c5075e041c1c937b3
SHA1

2936ad4944f553277842155b0de2aa5f43d741fb
SHA256

ae8369a28b53ba7e283436a65c211ef032af555515fb961e6cb0c56c635d1834
SHA512

31eb0d602e1621b40cbc27acc85ac96eae2ab5d11d074fd13df2e08501c55bce328e75acb53ac666d4135246e018e85ac90e2a8b3099deb0d148c9e88186b7c5

Score

10^/10

blackmoon banker discovery persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

tfccltd.exe

Resource

win7-20220718-en

blackmoon banker persistence trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

tfccltd.exe

Resource

win10v2004-20220721-en

blackmoon banker discovery persistence trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  tfccltd.exe
- Size
  
  292KB
- MD5
  
  a1bfff3769a3962c5075e041c1c937b3
- SHA1
  
  2936ad4944f553277842155b0de2aa5f43d741fb
- SHA256
  
  ae8369a28b53ba7e283436a65c211ef032af555515fb961e6cb0c56c635d1834
- SHA512
  
  31eb0d602e1621b40cbc27acc85ac96eae2ab5d11d074fd13df2e08501c55bce328e75acb53ac666d4135246e018e85ac90e2a8b3099deb0d148c9e88186b7c5
Score

10^/10

blackmoon banker persistence trojan discovery
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerpersistencetrojan

behavioral2

blackmoonbankerdiscoverypersistencetrojan

© 2018-2024

Terms | Privacy