blackmoon | e68f08a021c90809c6075a9385a2b80cb025877ffa1a09b0b6c122c3d726e7c4 | Triage

Submit
Reports

Overview

overview

Static

static

e68f08a021...c4.exe

windows7-x64

e68f08a021...c4.exe

windows10-2004-x64

Sharing

General

Target

e68f08a021c90809c6075a9385a2b80cb025877ffa1a09b0b6c122c3d726e7c4
Size

68KB
Sample

221123-p2xl8ach25
MD5

efe656f08bdd12531ee5da0f6e775912
SHA1

362e8920e4301fa6d8cf12cbceb75eb06b6635bc
SHA256

e68f08a021c90809c6075a9385a2b80cb025877ffa1a09b0b6c122c3d726e7c4
SHA512

23328ca70828e9977a06f6525d5beda6c5a9137778e4ded83307fcc40c9e1006b00a6e4315fdadb1629873e3a3ee94f513b3af0719ad9d7b04897e4299b1fdf3
SSDEEP

1536:HYL53ZzLd2QZO6wug6yohaL+obgGlvkW0GJ1d:HYV3Rd2QZ5foSGlx0u/

Score

10^/10

blackmoon banker persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

e68f08a021c90809c6075a9385a2b80cb025877ffa1a09b0b6c122c3d726e7c4.exe

Resource

win7-20220812-en

blackmoon banker persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

e68f08a021c90809c6075a9385a2b80cb025877ffa1a09b0b6c122c3d726e7c4.exe

Resource

win10v2004-20220812-en

blackmoon banker persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  e68f08a021c90809c6075a9385a2b80cb025877ffa1a09b0b6c122c3d726e7c4
- Size
  
  68KB
- MD5
  
  efe656f08bdd12531ee5da0f6e775912
- SHA1
  
  362e8920e4301fa6d8cf12cbceb75eb06b6635bc
- SHA256
  
  e68f08a021c90809c6075a9385a2b80cb025877ffa1a09b0b6c122c3d726e7c4
- SHA512
  
  23328ca70828e9977a06f6525d5beda6c5a9137778e4ded83307fcc40c9e1006b00a6e4315fdadb1629873e3a3ee94f513b3af0719ad9d7b04897e4299b1fdf3
- SSDEEP
  
  1536:HYL53ZzLd2QZO6wug6yohaL+obgGlvkW0GJ1d:HYV3Rd2QZ5foSGlx0u/
Score

10^/10

blackmoon banker persistence trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerpersistencetrojan

behavioral2

blackmoonbankerpersistencetrojan

© 2018-2024

Terms | Privacy