Overview

overview

10

Static

static

7

c98f169c20...7a.exe

windows7-x64

10

c98f169c20...7a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c98f169c204562fab20fffb2417e037a.bin

  • Size

    3.5MB

  • Sample

    230608-ca5sasaf45

  • MD5

    c98f169c204562fab20fffb2417e037a

  • SHA1

    e8fa26609efe1eac8022cf3264dba0b0a6016f58

  • SHA256

    022607c07e9fa8c9140025038d0e2942451be2f03fa509c7fe4d9c787d2d0dc9

  • SHA512

    ab5186a1e5d9b201a7cc8602ec67184a3a1ba713950bc95e81e72129aff315a5baa0f07da061c53dda85282091d36aea69efbd6747b87c1aca190cb3191da88b

  • SSDEEP

    98304:Mx/uQFSYBhY+Xbz1Uf9gIfkv2RDeMc5UNcAq0ieI7ngIBxPDty:MxGblvBRm5znZBxDE

Score
10/10
blackmoonbankerbootkitpersistencetrojanupx

Malware Config

Targets

    • Target

      c98f169c204562fab20fffb2417e037a.bin

    • Size

      3.5MB

    • MD5

      c98f169c204562fab20fffb2417e037a

    • SHA1

      e8fa26609efe1eac8022cf3264dba0b0a6016f58

    • SHA256

      022607c07e9fa8c9140025038d0e2942451be2f03fa509c7fe4d9c787d2d0dc9

    • SHA512

      ab5186a1e5d9b201a7cc8602ec67184a3a1ba713950bc95e81e72129aff315a5baa0f07da061c53dda85282091d36aea69efbd6747b87c1aca190cb3191da88b

    • SSDEEP

      98304:Mx/uQFSYBhY+Xbz1Uf9gIfkv2RDeMc5UNcAq0ieI7ngIBxPDty:MxGblvBRm5znZBxDE

    Score
    10/10
    blackmoonbankerbootkitpersistencetrojanupx

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks