blackmoon | aed9408697a619e4181867f82a61f20ddbb1c3d3ff4816460b494b854ffa96cb

General

Target

aed9408697a619e4181867f82a61f20ddbb1c3d3ff4816460b494b854ffa96cb
Size

5.8MB
Sample

230612-3kvm7aeg4v
MD5

92b1f3882505126b22e90978af46ba89
SHA1

9f25598e120d5ac69051c69700baaa0d35d5d0ec
SHA256

aed9408697a619e4181867f82a61f20ddbb1c3d3ff4816460b494b854ffa96cb
SHA512

854b817b4eab45b31b862466e22eb87b589d09596d8e21d737747697f126fdce9e271907c2190da0212c25e85f2fc805c557fe80bf20430ffbd9f2f901f4ece9
SSDEEP

98304:HyHLvyloQjQe/XoN8ESMy3NkPLmy+NKQO/w2RJtqCWKR:HyHLvgoHeW8ESjuDmylw2RJw6R

Score

10^/10

Malware Config

Targets

- Target
  
  aed9408697a619e4181867f82a61f20ddbb1c3d3ff4816460b494b854ffa96cb
- Size
  
  5.8MB
- MD5
  
  92b1f3882505126b22e90978af46ba89
- SHA1
  
  9f25598e120d5ac69051c69700baaa0d35d5d0ec
- SHA256
  
  aed9408697a619e4181867f82a61f20ddbb1c3d3ff4816460b494b854ffa96cb
- SHA512
  
  854b817b4eab45b31b862466e22eb87b589d09596d8e21d737747697f126fdce9e271907c2190da0212c25e85f2fc805c557fe80bf20430ffbd9f2f901f4ece9
- SSDEEP
  
  98304:HyHLvyloQjQe/XoN8ESMy3NkPLmy+NKQO/w2RJtqCWKR:HyHLvgoHeW8ESjuDmylw2RJw6R
Score

10^/10

blackmoon aspackv2 banker bootkit persistence trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Downloads MZ/PE file
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

1

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blackmoon, KrBanker

Detect Blackmoon payload

Downloads MZ/PE file

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2