blackmoon | 57e54516bea0e42911417a040438b5279b73bbd8d68c615e6481c02929a81505 | Triage

Submit
Reports

Overview

overview

Static

static

57e54516be...05.exe

windows7-x64

8

57e54516be...05.exe

windows10-2004-x64

Sharing

General

Target

57e54516bea0e42911417a040438b5279b73bbd8d68c615e6481c02929a81505
Size

46KB
Sample

221126-k4b13sfh38
MD5

4609b7d2978af65aa0ee50644d11eb7a
SHA1

45686d4cdfd8050527248fc7e595ad08170636e7
SHA256

57e54516bea0e42911417a040438b5279b73bbd8d68c615e6481c02929a81505
SHA512

c4bd5a24373bc59b440a13ea872f525d987f205dcceecc608b9014f632ecef434a1fff283c3c47778c878a47fe470b997db47c054e2e50b755d142d22a27f47a
SSDEEP

768:ZCt2Uwed5HLjw0xPb7sHfVE8OaYSnyRm59vkx5be2uoDpxS9JnCte/K:ZCtHNd5rjR0a8I+vkPK2RS9JUei

Score

10^/10

blackmoon banker persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

57e54516bea0e42911417a040438b5279b73bbd8d68c615e6481c02929a81505.exe

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

57e54516bea0e42911417a040438b5279b73bbd8d68c615e6481c02929a81505.exe

Resource

win10v2004-20220901-en

blackmoon banker persistence trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  57e54516bea0e42911417a040438b5279b73bbd8d68c615e6481c02929a81505
- Size
  
  46KB
- MD5
  
  4609b7d2978af65aa0ee50644d11eb7a
- SHA1
  
  45686d4cdfd8050527248fc7e595ad08170636e7
- SHA256
  
  57e54516bea0e42911417a040438b5279b73bbd8d68c615e6481c02929a81505
- SHA512
  
  c4bd5a24373bc59b440a13ea872f525d987f205dcceecc608b9014f632ecef434a1fff283c3c47778c878a47fe470b997db47c054e2e50b755d142d22a27f47a
- SSDEEP
  
  768:ZCt2Uwed5HLjw0xPb7sHfVE8OaYSnyRm59vkx5be2uoDpxS9JnCte/K:ZCtHNd5rjR0a8I+vkPK2RS9JUei
Score

10^/10

upx blackmoon banker persistence trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Drops file in Drivers directory
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

blackmoonbankerpersistencetrojanupx

© 2018-2024

Terms | Privacy