blackmoon | 022607c07e9fa8c9140025038d0e2942451be2f03fa509c7fe4d9c787d2d0dc9 | Triage

Submit
Reports

Overview

overview

Static

static

7

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

3.5MB
Sample

230606-1mfwpsgd5x
MD5

c98f169c204562fab20fffb2417e037a
SHA1

e8fa26609efe1eac8022cf3264dba0b0a6016f58
SHA256

022607c07e9fa8c9140025038d0e2942451be2f03fa509c7fe4d9c787d2d0dc9
SHA512

ab5186a1e5d9b201a7cc8602ec67184a3a1ba713950bc95e81e72129aff315a5baa0f07da061c53dda85282091d36aea69efbd6747b87c1aca190cb3191da88b
SSDEEP

98304:Mx/uQFSYBhY+Xbz1Uf9gIfkv2RDeMc5UNcAq0ieI7ngIBxPDty:MxGblvBRm5znZBxDE

Score

10^/10

blackmoon banker bootkit persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20230220-en

blackmoon banker bootkit persistence trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20230220-en

blackmoon banker bootkit persistence trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  tmp
- Size
  
  3.5MB
- MD5
  
  c98f169c204562fab20fffb2417e037a
- SHA1
  
  e8fa26609efe1eac8022cf3264dba0b0a6016f58
- SHA256
  
  022607c07e9fa8c9140025038d0e2942451be2f03fa509c7fe4d9c787d2d0dc9
- SHA512
  
  ab5186a1e5d9b201a7cc8602ec67184a3a1ba713950bc95e81e72129aff315a5baa0f07da061c53dda85282091d36aea69efbd6747b87c1aca190cb3191da88b
- SSDEEP
  
  98304:Mx/uQFSYBhY+Xbz1Uf9gIfkv2RDeMc5UNcAq0ieI7ngIBxPDty:MxGblvBRm5znZBxDE
Score

10^/10

blackmoon banker bootkit persistence trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blackmoonbankerbootkitpersistencetrojanupx

behavioral2

blackmoonbankerbootkitpersistencetrojanupx

© 2018-2024

Terms | Privacy