blackmoon | 7f6344e5ebcc7ecf98acaf63efcd29952b2152f6f9d2ed061289b2d7944a5556 | Triage

Submit
Reports

Overview

overview

Static

static

3

7f6344e5eb...56.exe

windows7-x64

7f6344e5eb...56.exe

windows10-2004-x64

Sharing

General

Target

7f6344e5ebcc7ecf98acaf63efcd29952b2152f6f9d2ed061289b2d7944a5556
Size

2.9MB
Sample

230621-125hlsbf86
MD5

b03da2cad31f6dd89dde2e181553da6e
SHA1

5c8ba30aa2c3971e179e5c86ca31462897a3b5a9
SHA256

7f6344e5ebcc7ecf98acaf63efcd29952b2152f6f9d2ed061289b2d7944a5556
SHA512

3488b6171534d61620bfc1f42dd11e4c4c826892f466b24da4187a94000f072c1c0f3ed5b4bd0c3a1fe3e7f807e96c638418a6d3eac4d9b6b89f8f094f1a2f6a
SSDEEP

49152:SGOHuqFTiOmBukNbWQZ6ZbaHcYz5aAVKiw6ZWqTG93jJ3hWpVcn:tOjFTirBPng3Yz5J/693kO

Score

10^/10

blackmoon aspackv2 banker trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7f6344e5ebcc7ecf98acaf63efcd29952b2152f6f9d2ed061289b2d7944a5556.exe

Resource

win7-20230621-en

blackmoon aspackv2 banker trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

7f6344e5ebcc7ecf98acaf63efcd29952b2152f6f9d2ed061289b2d7944a5556.exe

Resource

win10v2004-20230621-en

blackmoon aspackv2 banker trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  7f6344e5ebcc7ecf98acaf63efcd29952b2152f6f9d2ed061289b2d7944a5556
- Size
  
  2.9MB
- MD5
  
  b03da2cad31f6dd89dde2e181553da6e
- SHA1
  
  5c8ba30aa2c3971e179e5c86ca31462897a3b5a9
- SHA256
  
  7f6344e5ebcc7ecf98acaf63efcd29952b2152f6f9d2ed061289b2d7944a5556
- SHA512
  
  3488b6171534d61620bfc1f42dd11e4c4c826892f466b24da4187a94000f072c1c0f3ed5b4bd0c3a1fe3e7f807e96c638418a6d3eac4d9b6b89f8f094f1a2f6a
- SSDEEP
  
  49152:SGOHuqFTiOmBukNbWQZ6ZbaHcYz5aAVKiw6ZWqTG93jJ3hWpVcn:tOjFTirBPng3Yz5J/693kO
Score

10^/10

blackmoon aspackv2 banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Downloads MZ/PE file
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blackmoonaspackv2bankertrojan

behavioral2

blackmoonaspackv2bankertrojan

© 2018-2024

Terms | Privacy