blackmoon | 3a7c5d96b8bc4cc967455d0285f85dcca94c3a29d5c94589471dc75bfec120c9 | Triage

Submit
Reports

Overview

overview

Static

static

7

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

12.2MB
Sample

230426-rdv5labf61
MD5

1f175ba162cc415dc0bef233b5b41ff4
SHA1

a2f55c5b155fe067e74fbbc4ae8c5f869d455df2
SHA256

3a7c5d96b8bc4cc967455d0285f85dcca94c3a29d5c94589471dc75bfec120c9
SHA512

ebcf6864b92a02bc6c7c039ee32673f7da16d262aadd14b158bffc661c09a45ca4ec4a93a18e1f6e27718fdeae3c7a24906db40bbf2e282d2ea51489c9901375
SSDEEP

196608:G9tjMI+N7N+84ja44HKDQBKkXy+XWt815j5tDobSUFQjYYG17qQMXLLsnw:ej8obja4aK0BK+Hvj5t0ZFQLQMcw

Score

10^/10

blackmoon banker trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20230220-en

blackmoon banker trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20230220-en

blackmoon banker trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  tmp
- Size
  
  12.2MB
- MD5
  
  1f175ba162cc415dc0bef233b5b41ff4
- SHA1
  
  a2f55c5b155fe067e74fbbc4ae8c5f869d455df2
- SHA256
  
  3a7c5d96b8bc4cc967455d0285f85dcca94c3a29d5c94589471dc75bfec120c9
- SHA512
  
  ebcf6864b92a02bc6c7c039ee32673f7da16d262aadd14b158bffc661c09a45ca4ec4a93a18e1f6e27718fdeae3c7a24906db40bbf2e282d2ea51489c9901375
- SSDEEP
  
  196608:G9tjMI+N7N+84ja44HKDQBKkXy+XWt815j5tDobSUFQjYYG17qQMXLLsnw:ej8obja4aK0BK+Hvj5t0ZFQLQMcw
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy