blackmoon | 73f26b38368473a7e56582cba90c0426adfffe7f5a187fdddfca35f96e6150ea

General

Target

73f26b38368473a7e56582cba90c0426adfffe7f5a187fdddfca35f96e6150ea
Size

1.9MB
Sample

230630-yrt8saff3x
MD5

155ee7ec57a139a0b761f17ea03e9963
SHA1

d06e28649230663f10cf802707d0652b2ab31aee
SHA256

73f26b38368473a7e56582cba90c0426adfffe7f5a187fdddfca35f96e6150ea
SHA512

2e2fdacf3926c32ff05c6b0138a915e8206f88b20a6347062e8fde3ec17c117a7fbd24af126d5fe2d34feb636f9732101ecdf1f8b2f4d3e28c241b1a2d7d66ba
SSDEEP

49152:3zw+vjUmjI1U9K1q3uoX8LVFSe3E4zANDCp1:3zw+vwYYn0YRYwANDCp1

Score

10^/10

Malware Config

Targets

- Target
  
  73f26b38368473a7e56582cba90c0426adfffe7f5a187fdddfca35f96e6150ea
- Size
  
  1.9MB
- MD5
  
  155ee7ec57a139a0b761f17ea03e9963
- SHA1
  
  d06e28649230663f10cf802707d0652b2ab31aee
- SHA256
  
  73f26b38368473a7e56582cba90c0426adfffe7f5a187fdddfca35f96e6150ea
- SHA512
  
  2e2fdacf3926c32ff05c6b0138a915e8206f88b20a6347062e8fde3ec17c117a7fbd24af126d5fe2d34feb636f9732101ecdf1f8b2f4d3e28c241b1a2d7d66ba
- SSDEEP
  
  49152:3zw+vjUmjI1U9K1q3uoX8LVFSe3E4zANDCp1:3zw+vwYYn0YRYwANDCp1
Score

10^/10

upx blackmoon purplefox banker rootkit trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

4

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blackmoon, KrBanker

Detect Blackmoon payload

Detect PurpleFox Rootkit

PurpleFox

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Enumerates connected drives

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2