blackmoon | c5513671884fc3e02c5812b2a0b1645b8b664c9fb97ca332bedd18c051e591e0 | Triage

Submit
Reports

Overview

overview

Static

static

7

c551367188...e0.exe

windows7-x64

c551367188...e0.exe

windows10-2004-x64

Sharing

General

Target

c5513671884fc3e02c5812b2a0b1645b8b664c9fb97ca332bedd18c051e591e0
Size

1.3MB
Sample

230620-yclm4adh95
MD5

cef823eb157b4fa0e8524ed48307f345
SHA1

60d5405cbde42850c6d6f9fc5b7fe1773a720f28
SHA256

c5513671884fc3e02c5812b2a0b1645b8b664c9fb97ca332bedd18c051e591e0
SHA512

7b7afd582955f000d62b63f4159d68b7f9d45b8c685e3ad0992ae1eef638cc6e15636adf0dc9fbc6373fd3c58f44f46bf74dfb37a7bb9ec3eae6c74a21b53abc
SSDEEP

24576:Dqmi8tpifdQ8ABVABskA1rz4B8VzWhRTOdlmuC/uZ7R9Ti1wGJRQvZ:umi8bifd+VABnYra3nTOhlxUwGs

Score

10^/10

blackmoon aspackv2 banker trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

c5513671884fc3e02c5812b2a0b1645b8b664c9fb97ca332bedd18c051e591e0.exe

Resource

win7-20230220-en

blackmoon aspackv2 banker trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

c5513671884fc3e02c5812b2a0b1645b8b664c9fb97ca332bedd18c051e591e0.exe

Resource

win10v2004-20230220-en

blackmoon aspackv2 banker trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  c5513671884fc3e02c5812b2a0b1645b8b664c9fb97ca332bedd18c051e591e0
- Size
  
  1.3MB
- MD5
  
  cef823eb157b4fa0e8524ed48307f345
- SHA1
  
  60d5405cbde42850c6d6f9fc5b7fe1773a720f28
- SHA256
  
  c5513671884fc3e02c5812b2a0b1645b8b664c9fb97ca332bedd18c051e591e0
- SHA512
  
  7b7afd582955f000d62b63f4159d68b7f9d45b8c685e3ad0992ae1eef638cc6e15636adf0dc9fbc6373fd3c58f44f46bf74dfb37a7bb9ec3eae6c74a21b53abc
- SSDEEP
  
  24576:Dqmi8tpifdQ8ABVABskA1rz4B8VzWhRTOdlmuC/uZ7R9Ti1wGJRQvZ:umi8bifd+VABnYra3nTOhlxUwGs
Score

10^/10

blackmoon aspackv2 banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Downloads MZ/PE file
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blackmoonaspackv2bankertrojanupx

behavioral2

blackmoonaspackv2bankertrojanupx

© 2018-2024

Terms | Privacy