General

  • Target

    winwps.msi

  • Size

    7.2MB

  • Sample

    230629-j7yhtacd75

  • MD5

    2ac06906ddfaaf7b8bd026a8a15c5ee0

  • SHA1

    295c845ee6cba9fc9de9c1556123768e4d400859

  • SHA256

    054e038130f657c86e258ab997b41847adcce19e72cb8118c91e5fae8d7d5162

  • SHA512

    599c3eb97ee8bc84a185d3a0ac290c2998d513c998bef6276ffe4e29e2e66eb31455672b16157c4320ce1ed2c2a996d717c9c4d717c206c600581934730a29ee

  • SSDEEP

    98304:UirbyiJB8py4vVaBI6/k42Pi2XJe1UrsQF4toMGPV7XyLG6teTTxmEiDr1uQ238o:UiSiIEW4BIcqi7QF4Gdxh6MT1k1uQn

Score
10/10

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 2

  • Peripheral Device Discovery (T1120): 2

  • System Information Discovery (T1082): 2

Tasks