blackmoon | 7229ea1ca5a1428a3b0ff558f4fef2177022b062cb5238aa0b32c3b32e726d98 | Triage

Submit
Reports

Overview

overview

Static

static

stonepollp33_zh.exe

windows7-x64

stonepollp33_zh.exe

windows10-2004-x64

Sharing

General

Target

7229ea1ca5a1428a3b0ff558f4fef2177022b062cb5238aa0b32c3b32e726d98
Size

519KB
Sample

221125-1mappaha54
MD5

2604cfd761ed4cfb64e1e9b593caba9c
SHA1

93866e9fe3aa33cd6d6c9d766798d164af602c28
SHA256

7229ea1ca5a1428a3b0ff558f4fef2177022b062cb5238aa0b32c3b32e726d98
SHA512

957a8166ee05576267f2f8563ca39a6ca6c0d5315609e396f6ddd2fd1ee66b380de5c88e3f552dbfef7aed5dbd0d67432db54c1b69be56a8c9dde25b189dab51
SSDEEP

12288:pJmYRm16gzMfNbmPOJvGGXr8zOYbZLvJOnFfeYlY2X:g6kMFSPYvVXryLvIntllTX

Score

10^/10

blackmoon banker bootkit persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

stonepollp33_zh.exe

Resource

win7-20221111-en

blackmoon banker bootkit persistence trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

stonepollp33_zh.exe

Resource

win10v2004-20220812-en

blackmoon banker bootkit persistence trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  stonepollp33_zh.exe
- Size
  
  1.2MB
- MD5
  
  b777e98358e8c711ab550a97bd99602a
- SHA1
  
  2855cfefd2f8927ea8b28507db3b48bf89b10f32
- SHA256
  
  2708b957f15c6c7e2a2107f9a6c0d5faecd4512b5dca7f2569e2abb1115f107a
- SHA512
  
  a11f32277f562678abb4c40fe3a06559eb525da5ba31f6e0c30a840691b4cd4a4f06eb6a67ff252aebde29c391f6016b95707d0fc44af5cb0d636cb2c6773758
- SSDEEP
  
  24576:SCkHLS1NZmEe4E+6ssLCXMVGVF3kNXbpmgc5G3M:SCLeTAXSWF3kNXggc57
Score

10^/10

blackmoon banker bootkit persistence trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blackmoonbankerbootkitpersistencetrojanupx

behavioral2

blackmoonbankerbootkitpersistencetrojanupx

© 2018-2024

Terms | Privacy