blackmoon | 84fd010be9c5d88bf487c276672099e65e06ca0695624ecf8e1c923b1c33f01c | Triage

Submit
Reports

Overview

overview

Static

static

7

5.exe

windows7-x64

5.exe

windows10-2004-x64

Resubmissions

27-02-2023 09:32

230227-lhsmdacf9v 10

27-02-2023 09:25

230227-ldly2acf61 10

Sharing

General

Target

84fd010be9c5d88bf487c276672099e65e06ca0695624ecf8e1c923b1c33f01c
Size

4.0MB
Sample

230227-ldly2acf61
MD5

d669b0cfc7943855c3596c9023889cb4
SHA1

2d2bc68788c8e590847bb126e5bf99a4ebb7606d
SHA256

84fd010be9c5d88bf487c276672099e65e06ca0695624ecf8e1c923b1c33f01c
SHA512

0a84926cec57fd284d0e0ad24988d8e64dc96e7d8fb603f4d1f42aeb50a777f1c7517f404588ef835156f03331877776a51cba5530d2f437c2d55c84af309ece
SSDEEP

98304:w9fw3cxmBSrj9Npa0DEwXXmLOwRSwZ9jcQ/2MVW3Hk3BnNBHNUqEUtu:wpyBSjpaAEw0QwZBx6EVNUv

Score

10^/10

blackmoon aspackv2 banker persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5.exe

Resource

win7-20230220-en

blackmoon banker persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

5.exe

Resource

win10v2004-20230220-en

blackmoon banker persistence trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  5.exe
- Size
  
  4.1MB
- MD5
  
  d1e3796faa8febcb5727af4cf10fa912
- SHA1
  
  329a3ad3cdbb1c05ae60d5a7e232e11dc55ff4bb
- SHA256
  
  b568fd0c4e510808e3c4368f2a5ad7a579675a41e4d010541d3308dcc1ab0237
- SHA512
  
  1fe38416a1d868a506ac3ba317f0d306c9c8d6d8d6609b5d275944aa32faf29d30bd5a6df1fbf946bff942344e28926bc131204c29549c4d498f5089e006e499
- SSDEEP
  
  98304:hGGReDAApdZ4WATvMu3ehwtwrEEcm9GR+NcKJrJ10dqcx+MItpqcws:hGIAp74dL33h7QGR+KKJrnOH6
Score

10^/10

blackmoon banker persistence trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerpersistencetrojan

behavioral2

blackmoonbankerpersistencetrojan

© 2018-2024

Terms | Privacy