blackmoon | 5a15bcdc3eb8604c2b7318e7fd6eb612a554c10bd3db43a8edfe9ada29497e17 | Triage

Submit
Reports

Overview

overview

Static

static

5a15bcdc3e...17.exe

windows7-x64

5a15bcdc3e...17.exe

windows10-2004-x64

Sharing

General

Target

5a15bcdc3eb8604c2b7318e7fd6eb612a554c10bd3db43a8edfe9ada29497e17
Size

47KB
Sample

221123-xrmy2aag6z
MD5

bc3b89ff961b17e7959f68eabb2eafa4
SHA1

18194656b2458d8e12e98342ddbb5811da759fe6
SHA256

5a15bcdc3eb8604c2b7318e7fd6eb612a554c10bd3db43a8edfe9ada29497e17
SHA512

92cd62ec5f7c27df94a46497d8b311415c68ff394c7ef5a54130e0bdfd59c3309c41a7d44dfa728e9149fc4b6ce0d9e036086d88dad5fa37fcf3fe1a8f95f43e
SSDEEP

768:+IDCKubA0FRe1EvvUe36jnZ7WklzEQJQnXP60IT7HUCt8QYvHaOKy90A12pNh1aX:VEU1EvvUVjcMzbJaP60ITUCGFv6ZuXwU

Score

10^/10

blackmoon banker persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

5a15bcdc3eb8604c2b7318e7fd6eb612a554c10bd3db43a8edfe9ada29497e17.exe

Resource

win7-20221111-en

blackmoon banker persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

5a15bcdc3eb8604c2b7318e7fd6eb612a554c10bd3db43a8edfe9ada29497e17.exe

Resource

win10v2004-20221111-en

blackmoon banker persistence trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  5a15bcdc3eb8604c2b7318e7fd6eb612a554c10bd3db43a8edfe9ada29497e17
- Size
  
  47KB
- MD5
  
  bc3b89ff961b17e7959f68eabb2eafa4
- SHA1
  
  18194656b2458d8e12e98342ddbb5811da759fe6
- SHA256
  
  5a15bcdc3eb8604c2b7318e7fd6eb612a554c10bd3db43a8edfe9ada29497e17
- SHA512
  
  92cd62ec5f7c27df94a46497d8b311415c68ff394c7ef5a54130e0bdfd59c3309c41a7d44dfa728e9149fc4b6ce0d9e036086d88dad5fa37fcf3fe1a8f95f43e
- SSDEEP
  
  768:+IDCKubA0FRe1EvvUe36jnZ7WklzEQJQnXP60IT7HUCt8QYvHaOKy90A12pNh1aX:VEU1EvvUVjcMzbJaP60ITUCGFv6ZuXwU
Score

10^/10

blackmoon banker persistence trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerpersistencetrojan

behavioral2

blackmoonbankerpersistencetrojan

© 2018-2024

Terms | Privacy