Overview

overview

10

Static

static

7

b029c08789...96.exe

windows7-x64

10

b029c08789...96.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b029c08789c6001aa1f9e870a06ef049433d0cc25becc1beb9f0d6302508b296

  • Size

    1.3MB

  • Sample

    230628-za9gtabh7w

  • MD5

    0b037e3d12262a1638c1217fae8773a1

  • SHA1

    e233cc1d6d71034f77d17d89658d2052b1038db5

  • SHA256

    b029c08789c6001aa1f9e870a06ef049433d0cc25becc1beb9f0d6302508b296

  • SHA512

    35a2381a73e56718ff6d55661708a0230a4de2c3770ff7b5825f22dfc1a757515a5555a14fce737d9806406df3833c7f415a15a30b3ff67fcc43f3239b408529

  • SSDEEP

    24576:fzgTLkcevOAJHPSTacyR3uunznkX4C+YyRGG6yaHDMEw:fzgTOey7gX4KiSD0

Score
10/10
blackmoonbankertrojanupx

Malware Config

Targets

    • Target

      b029c08789c6001aa1f9e870a06ef049433d0cc25becc1beb9f0d6302508b296

    • Size

      1.3MB

    • MD5

      0b037e3d12262a1638c1217fae8773a1

    • SHA1

      e233cc1d6d71034f77d17d89658d2052b1038db5

    • SHA256

      b029c08789c6001aa1f9e870a06ef049433d0cc25becc1beb9f0d6302508b296

    • SHA512

      35a2381a73e56718ff6d55661708a0230a4de2c3770ff7b5825f22dfc1a757515a5555a14fce737d9806406df3833c7f415a15a30b3ff67fcc43f3239b408529

    • SSDEEP

      24576:fzgTLkcevOAJHPSTacyR3uunznkX4C+YyRGG6yaHDMEw:fzgTOey7gX4KiSD0

    Score
    10/10
    blackmoonbankertrojanupx

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks