blackmoon | 0ff713c7e9169e214088a288d29829a9d180baaa144f55da392dcada4c22bc30 | Triage

Submit
Reports

Overview

overview

Static

static

8

e0fac19021...b7.exe

windows7-x64

e0fac19021...b7.exe

windows10-2004-x64

Sharing

General

Target

e0fac190218ff59d4b641b03f0c397b7
Size

1.2MB
Sample

220725-kh522aagg8
MD5

e0fac190218ff59d4b641b03f0c397b7
SHA1

5720c4c9b93ab5c0236af2120cc4622a2b1a59e3
SHA256

0ff713c7e9169e214088a288d29829a9d180baaa144f55da392dcada4c22bc30
SHA512

f41126ae590bb69fa8a809ae4877c542d03d66fc23e359ec0e918c292a10077b6d53ebca649205607df1123d282d5ed6ad15a4717b40c66154a1ff641cdafc05

Score

10^/10

blackmoon banker persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e0fac190218ff59d4b641b03f0c397b7.exe

Resource

win7-20220715-en

blackmoon banker persistence trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

e0fac190218ff59d4b641b03f0c397b7.exe

Resource

win10v2004-20220721-en

blackmoon banker persistence trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  e0fac190218ff59d4b641b03f0c397b7
- Size
  
  1.2MB
- MD5
  
  e0fac190218ff59d4b641b03f0c397b7
- SHA1
  
  5720c4c9b93ab5c0236af2120cc4622a2b1a59e3
- SHA256
  
  0ff713c7e9169e214088a288d29829a9d180baaa144f55da392dcada4c22bc30
- SHA512
  
  f41126ae590bb69fa8a809ae4877c542d03d66fc23e359ec0e918c292a10077b6d53ebca649205607df1123d282d5ed6ad15a4717b40c66154a1ff641cdafc05
Score

10^/10

blackmoon banker persistence trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Sets DLL path for service in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blackmoonbankerpersistencetrojanupx

behavioral2

blackmoonbankerpersistencetrojanupx

© 2018-2024

Terms | Privacy