blackmoon | 00afff69b8f52c22df1875d98d75730cde0ea314c6e5b120636ed47deb12d014 | Triage

Submit
Reports

Overview

overview

Static

static

摩纳哥.7z

windows10-1703-x64

7

摩纳哥.7z

windows7-x64

摩纳哥.7z

windows10-2004-x64

3

Sharing

General

Target

摩纳哥.7z
Size

19.9MB
Sample

230226-1x5b2saf28
MD5

8d798197150cf22c2d63ff1181ca0535
SHA1

49bd04d964cfae91cc4021323dae9d51e8c33964
SHA256

00afff69b8f52c22df1875d98d75730cde0ea314c6e5b120636ed47deb12d014
SHA512

f84049e0266662e8aeac3a0d829e0461f9465d0450d2f5a0e111477a78aa05706d51457bb4f4d37591aac07e8e6145a05d6346210391ab4e01e211dea0904e33
SSDEEP

393216:O/Yz0z3hU/4T4e47EdNCVKko+kA27u2f2hLyBiFHNzF7V:Lz63hUWtjd4VCAHOENzFJ

Score

10^/10

blackmoon mimikatz banker discovery trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

摩纳哥.7z

Resource

win10-20230220-en

windows10-1703-x64

12 signatures

1800 seconds

Behavioral task

behavioral2

Sample

摩纳哥.7z

Resource

win7-20230220-en

blackmoon banker discovery trojan upx

windows7-x64

17 signatures

1800 seconds

Behavioral task

behavioral3

Sample

摩纳哥.7z

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

1800 seconds

Malware Config

Targets

- Target
  
  摩纳哥.7z
- Size
  
  19.9MB
- MD5
  
  8d798197150cf22c2d63ff1181ca0535
- SHA1
  
  49bd04d964cfae91cc4021323dae9d51e8c33964
- SHA256
  
  00afff69b8f52c22df1875d98d75730cde0ea314c6e5b120636ed47deb12d014
- SHA512
  
  f84049e0266662e8aeac3a0d829e0461f9465d0450d2f5a0e111477a78aa05706d51457bb4f4d37591aac07e8e6145a05d6346210391ab4e01e211dea0904e33
- SSDEEP
  
  393216:O/Yz0z3hU/4T4e47EdNCVKko+kA27u2f2hLyBiFHNzF7V:Lz63hUWtjd4VCAHOENzFJ
Score

10^/10

upx blackmoon banker discovery trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

blackmoonbankerdiscoverytrojanupx

behavioral3

© 2018-2024

Terms | Privacy