Overview

overview

10

Static

static

10

cb828162dd...c1.exe

windows7-x64

10

cb828162dd...c1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cb828162dd083cf50a0c0e8a43b9d4a6ce54c0c6a12bf2e4bed364117b74d0c1

  • Size

    284KB

  • Sample

    230607-x8b8vsfe6v

  • MD5

    bf76d38a92d92b208c60c8a4004110c3

  • SHA1

    ccefd7aa5fcafc7dfb6d20e43b3640ab24871d2f

  • SHA256

    cb828162dd083cf50a0c0e8a43b9d4a6ce54c0c6a12bf2e4bed364117b74d0c1

  • SHA512

    9d360af90ea08351e84bbecd133f842688f75262376aab2fdadf7a0f8c34a0ab771cbfd1c6389a718714cba19d4c6f5f29d67e50acb0f9cdf4990d5a3f9e984b

  • SSDEEP

    3072:DGkl+FzE+m817lZ5U3VGSbWsSKXRu/+LjrEtECyqewTvDyRxeUB2JpC:DGkl+Fo87ljwVGSb9pL1Ctpy32Jp

Score
10/10
blackmoonbankertrojanupx

Malware Config

Targets

    • Target

      cb828162dd083cf50a0c0e8a43b9d4a6ce54c0c6a12bf2e4bed364117b74d0c1

    • Size

      284KB

    • MD5

      bf76d38a92d92b208c60c8a4004110c3

    • SHA1

      ccefd7aa5fcafc7dfb6d20e43b3640ab24871d2f

    • SHA256

      cb828162dd083cf50a0c0e8a43b9d4a6ce54c0c6a12bf2e4bed364117b74d0c1

    • SHA512

      9d360af90ea08351e84bbecd133f842688f75262376aab2fdadf7a0f8c34a0ab771cbfd1c6389a718714cba19d4c6f5f29d67e50acb0f9cdf4990d5a3f9e984b

    • SSDEEP

      3072:DGkl+FzE+m817lZ5U3VGSbWsSKXRu/+LjrEtECyqewTvDyRxeUB2JpC:DGkl+Fo87ljwVGSb9pL1Ctpy32Jp

    Score
    10/10
    blackmoonbankertrojanupx

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks