blackmoon | 51018acee0414afb3da77a30c9188b7d5d47d8a3983f64787761a91bd4726a99 | Triage

Submit
Reports

Overview

overview

Static

static

3

51018acee0...99.exe

windows7-x64

51018acee0...99.exe

windows10-2004-x64

Sharing

General

Target

51018acee0414afb3da77a30c9188b7d5d47d8a3983f64787761a91bd4726a99.exe
Size

78KB
Sample

230612-wn9sysdg6y
MD5

ca62c94f654d61019611e7a516df0080
SHA1

f4f25145f2f60c3eb8a94663c5c520f3df260333
SHA256

51018acee0414afb3da77a30c9188b7d5d47d8a3983f64787761a91bd4726a99
SHA512

8c64a1f9bbf34b7b0a26835db8de8e3e3ffcd3a8411d0ac02462cafb9d962c334036bdf68162a90107793421d6234aa2f4ecabbcfc633b0921a65493a74967cf
SSDEEP

1536:RVqRnMVRsqoacHCRPFrCNsaqcVc9IjQbJbamNV1uhV+RutxQldHJPUl3H+U0:RVqGsXC/CNfqv9IjQ9baqV1uhV+Raxar

Score

10^/10

blackmoon banker trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

51018acee0414afb3da77a30c9188b7d5d47d8a3983f64787761a91bd4726a99.exe

Resource

win7-20230220-en

blackmoon banker trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

51018acee0414afb3da77a30c9188b7d5d47d8a3983f64787761a91bd4726a99.exe

Resource

win10v2004-20230220-en

blackmoon banker trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  51018acee0414afb3da77a30c9188b7d5d47d8a3983f64787761a91bd4726a99.exe
- Size
  
  78KB
- MD5
  
  ca62c94f654d61019611e7a516df0080
- SHA1
  
  f4f25145f2f60c3eb8a94663c5c520f3df260333
- SHA256
  
  51018acee0414afb3da77a30c9188b7d5d47d8a3983f64787761a91bd4726a99
- SHA512
  
  8c64a1f9bbf34b7b0a26835db8de8e3e3ffcd3a8411d0ac02462cafb9d962c334036bdf68162a90107793421d6234aa2f4ecabbcfc633b0921a65493a74967cf
- SSDEEP
  
  1536:RVqRnMVRsqoacHCRPFrCNsaqcVc9IjQbJbamNV1uhV+RutxQldHJPUl3H+U0:RVqGsXC/CNfqv9IjQ9baqV1uhV+Raxar
Score

10^/10

blackmoon banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blackmoonbankertrojan

behavioral2

blackmoonbankertrojan

© 2018-2024

Terms | Privacy