blackmoon | 40e78f28618f257161558930bd4ca73fe7d3b9bb68d38692f5ce75139a350c13 | Triage

Submit
Reports

Overview

overview

Static

static

40e78f2861...13.exe

windows7-x64

40e78f2861...13.exe

windows10-2004-x64

Sharing

General

Target

40e78f28618f257161558930bd4ca73fe7d3b9bb68d38692f5ce75139a350c13
Size

163KB
Sample

221125-cv1dbahe3w
MD5

ac13d94cacaf23b6e81a2701ff974319
SHA1

957df0b2f9f1e73a0d866e3ef2f82c2c5078061c
SHA256

40e78f28618f257161558930bd4ca73fe7d3b9bb68d38692f5ce75139a350c13
SHA512

003870b0e296396ae645bd42a00ed3306ec68581d9158a5ceb09d235c3bac7b1ea9edd00717950839003761e348a3475b503ca55054312fb6624d191456fa76e
SSDEEP

3072:eRHYIPwGaXaBOV/fXj5NvfeNKRQsoCoc0AAlFcbEVB/9ggwBI:elYIPfRo5L5NTR7oe0AgcwF9jwBI

Score

10^/10

blackmoon banker persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

40e78f28618f257161558930bd4ca73fe7d3b9bb68d38692f5ce75139a350c13.exe

Resource

win7-20220901-en

blackmoon banker persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

40e78f28618f257161558930bd4ca73fe7d3b9bb68d38692f5ce75139a350c13.exe

Resource

win10v2004-20220901-en

blackmoon banker persistence trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  40e78f28618f257161558930bd4ca73fe7d3b9bb68d38692f5ce75139a350c13
- Size
  
  163KB
- MD5
  
  ac13d94cacaf23b6e81a2701ff974319
- SHA1
  
  957df0b2f9f1e73a0d866e3ef2f82c2c5078061c
- SHA256
  
  40e78f28618f257161558930bd4ca73fe7d3b9bb68d38692f5ce75139a350c13
- SHA512
  
  003870b0e296396ae645bd42a00ed3306ec68581d9158a5ceb09d235c3bac7b1ea9edd00717950839003761e348a3475b503ca55054312fb6624d191456fa76e
- SSDEEP
  
  3072:eRHYIPwGaXaBOV/fXj5NvfeNKRQsoCoc0AAlFcbEVB/9ggwBI:elYIPfRo5L5NTR7oe0AgcwF9jwBI
Score

10^/10

blackmoon banker persistence trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Drops file in Drivers directory
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerpersistencetrojan

behavioral2

blackmoonbankerpersistencetrojan

© 2018-2024

Terms | Privacy