blackmoon | fe1b1277eee792a9684afda06569506e29b0816f61e8957964efdb9f2c4e3e5e | Triage

Submit
Reports

Overview

overview

Static

static

3

fe1b1277ee...5e.exe

windows7-x64

fe1b1277ee...5e.exe

windows10-2004-x64

Sharing

General

Target

fe1b1277eee792a9684afda06569506e29b0816f61e8957964efdb9f2c4e3e5e
Size

2.8MB
Sample

230625-yskqqsee67
MD5

92cf3d8aa1571e9cb316763d4f08d307
SHA1

733244edc78131518599e963cea7766d31dd161a
SHA256

fe1b1277eee792a9684afda06569506e29b0816f61e8957964efdb9f2c4e3e5e
SHA512

d9c737e2873cae27a328d85c8b01a72a0f86f52f77bf4821b870300b85ec556ce8aed854ecda6dc640b9fb336881541b064b79112e183e7753d5c4b2b54232dc
SSDEEP

49152:5cqyId46NIsQqBuoNbWpZ6ZbaHcYz5aAVKiw6ZWqTG93jJ3hWpVc:GbIC6N93BtIg3Yz5J/693k

Score

10^/10

blackmoon aspackv2 banker trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fe1b1277eee792a9684afda06569506e29b0816f61e8957964efdb9f2c4e3e5e.exe

Resource

win7-20230621-en

blackmoon aspackv2 banker trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

fe1b1277eee792a9684afda06569506e29b0816f61e8957964efdb9f2c4e3e5e.exe

Resource

win10v2004-20230621-en

blackmoon aspackv2 banker trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  fe1b1277eee792a9684afda06569506e29b0816f61e8957964efdb9f2c4e3e5e
- Size
  
  2.8MB
- MD5
  
  92cf3d8aa1571e9cb316763d4f08d307
- SHA1
  
  733244edc78131518599e963cea7766d31dd161a
- SHA256
  
  fe1b1277eee792a9684afda06569506e29b0816f61e8957964efdb9f2c4e3e5e
- SHA512
  
  d9c737e2873cae27a328d85c8b01a72a0f86f52f77bf4821b870300b85ec556ce8aed854ecda6dc640b9fb336881541b064b79112e183e7753d5c4b2b54232dc
- SSDEEP
  
  49152:5cqyId46NIsQqBuoNbWpZ6ZbaHcYz5aAVKiw6ZWqTG93jJ3hWpVc:GbIC6N93BtIg3Yz5J/693k
Score

10^/10

blackmoon aspackv2 banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Downloads MZ/PE file
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blackmoonaspackv2bankertrojan

behavioral2

blackmoonaspackv2bankertrojan

© 2018-2024

Terms | Privacy