blackmoon | ed04378d4fe8fd0814a4435d86b7097706413094c476b29f2539b08ae9592bc2 | Triage

Submit
Reports

Overview

overview

Static

static

7

ed04378d4f...c2.exe

windows7-x64

ed04378d4f...c2.exe

windows10-2004-x64

Sharing

General

Target

ed04378d4fe8fd0814a4435d86b7097706413094c476b29f2539b08ae9592bc2
Size

1.8MB
Sample

230630-x8a1ssfe3s
MD5

4b24bb7eb024e319888f9e7e00fe4243
SHA1

c3607f61d72e6ec43cf7bf4f41d166eecaa27f58
SHA256

ed04378d4fe8fd0814a4435d86b7097706413094c476b29f2539b08ae9592bc2
SHA512

48c27f416e07307ee046ccab04fe868b0cf25fe178b002bcc1075adbc47d3fb7ae92b0e8709cdbd159f54755bd7c492e343d8da149d2a9a227836a8d315a0fc3
SSDEEP

49152:iRTQWltDVTODlosbWp6FjTxEeliYZ8+Y7JKQa:itzlnY/bW0FjTOKZJaJI

Score

10^/10

blackmoon banker evasion trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ed04378d4fe8fd0814a4435d86b7097706413094c476b29f2539b08ae9592bc2.exe

Resource

win7-20230621-en

evasion trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

ed04378d4fe8fd0814a4435d86b7097706413094c476b29f2539b08ae9592bc2.exe

Resource

win10v2004-20230621-en

blackmoon banker evasion trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  ed04378d4fe8fd0814a4435d86b7097706413094c476b29f2539b08ae9592bc2
- Size
  
  1.8MB
- MD5
  
  4b24bb7eb024e319888f9e7e00fe4243
- SHA1
  
  c3607f61d72e6ec43cf7bf4f41d166eecaa27f58
- SHA256
  
  ed04378d4fe8fd0814a4435d86b7097706413094c476b29f2539b08ae9592bc2
- SHA512
  
  48c27f416e07307ee046ccab04fe868b0cf25fe178b002bcc1075adbc47d3fb7ae92b0e8709cdbd159f54755bd7c492e343d8da149d2a9a227836a8d315a0fc3
- SSDEEP
  
  49152:iRTQWltDVTODlosbWp6FjTxEeliYZ8+Y7JKQa:itzlnY/bW0FjTOKZJaJI
Score

10^/10

evasion trojan upx blackmoon banker
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- UAC bypass
  evasion trojan
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasiontrojanupx

behavioral2

blackmoonbankerevasiontrojanupx

© 2018-2024

Terms | Privacy