General

  • Target

    10091288142.zip

  • Size

    3.7MB

  • Sample

    230414-zj71cabg72

  • MD5

    f49e692b1c0f3ad4404c12d64133b00d

  • SHA1

    675253411af6bd119866c4aba7e092ae05292d80

  • SHA256

    2c310264f618891a79f8ced977a2398f87f1030d4852b3e176878b4b31cf9d6b

  • SHA512

    e3ab72fb598d2d425a23bcc84a4ea69f960c8c9148a8ccbb84e8f9cd8308df18fecd7eaf6b3dd076d914e7a103652b4cf6e2beb4f2b03b1450098f2a1894b4b5

  • SSDEEP

    98304:VdWprg/pmZeNCzT3fMYRc3zoZRHvDoyicY4:VCs/pm8yT3fpRc38/oyicY4

Score
10/10

Malware Config

Targets

    • Target

      ce9dcd1d760fdb5a9f5d0166a03d21acac1890b7db87f1f8f07e9db83e2eacaa

    • Size

      6.9MB

    • MD5

      3de8b7d91dbf9a81b81327bd4b5163e9

    • SHA1

      422e3d7ecf94f38304718ef30c84cf6ea6ee23e0

    • SHA256

      ce9dcd1d760fdb5a9f5d0166a03d21acac1890b7db87f1f8f07e9db83e2eacaa

    • SHA512

      30aedf3573f0d0e0274d54b8f99e5b0df3a95d9854d425901c7d87d46f5bb59558b523ed859ab908c3a35e6f65a2a749ebb506a8a679e68b0c0fba1db805c084

    • SSDEEP

      98304:+F0CJ9DlZB9GzQ8JBAUZLw5lNBNcwJJBAUZLWM:W5kJV6DJV

    Score
    10/10
    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (1 event) T1112

  • Discovery

    Query Registry (2 events) T1012

    System Information Discovery (1 event) T1082

Tasks