blackmoon | 41ff2b0d6c9ad76caeea7221077e28f04480af7338ad724f5bbf7aec3f8a7f72 | Triage

Submit
Reports

Overview

overview

Static

static

41ff2b0d6c...72.exe

windows7-x64

41ff2b0d6c...72.exe

windows10-2004-x64

Sharing

General

Target

41ff2b0d6c9ad76caeea7221077e28f04480af7338ad724f5bbf7aec3f8a7f72
Size

233KB
Sample

230625-zgmlmaef65
MD5

f7c625d7263c18ecc8168c219dc9724c
SHA1

d2420a7a7e230efb3a7747c82cc6c45cac439a1f
SHA256

41ff2b0d6c9ad76caeea7221077e28f04480af7338ad724f5bbf7aec3f8a7f72
SHA512

78844189eba5420cdcf0ed13fb65cfd1a0fdafffd25fde409a376b49143910fa7ad2c367499e7beb70f872aea3172cabf909dd7ce312598177c648f9b7f8ae90
SSDEEP

6144:t5/xaoPuPKgyVX1e6IreazzIb4iue7G2r:t7a4lJ1e6IrotG2r

Score

10^/10

blackmoon banker persistence trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

41ff2b0d6c9ad76caeea7221077e28f04480af7338ad724f5bbf7aec3f8a7f72.exe

Resource

win7-20230621-en

blackmoon banker persistence trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

41ff2b0d6c9ad76caeea7221077e28f04480af7338ad724f5bbf7aec3f8a7f72.exe

Resource

win10v2004-20230621-en

blackmoon banker persistence trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  41ff2b0d6c9ad76caeea7221077e28f04480af7338ad724f5bbf7aec3f8a7f72
- Size
  
  233KB
- MD5
  
  f7c625d7263c18ecc8168c219dc9724c
- SHA1
  
  d2420a7a7e230efb3a7747c82cc6c45cac439a1f
- SHA256
  
  41ff2b0d6c9ad76caeea7221077e28f04480af7338ad724f5bbf7aec3f8a7f72
- SHA512
  
  78844189eba5420cdcf0ed13fb65cfd1a0fdafffd25fde409a376b49143910fa7ad2c367499e7beb70f872aea3172cabf909dd7ce312598177c648f9b7f8ae90
- SSDEEP
  
  6144:t5/xaoPuPKgyVX1e6IreazzIb4iue7G2r:t7a4lJ1e6IrotG2r
Score

10^/10

blackmoon banker persistence trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blackmoonbankerpersistencetrojan

behavioral2

blackmoonbankerpersistencetrojan

© 2018-2024

Terms | Privacy