General

  • Target

    11001782136.zip

  • Size

    74KB

  • Sample

    230704-tagh5sgf9w

  • MD5

    8e0f8a4851081362990ec5ab6600c73e

  • SHA1

    1c9267985db3391d92687eeb6a31181d4f577670

  • SHA256

    16d531f4f8ed1f7bc659261037d5d75ac45ee4eb0018200be3a49723c0d144c2

  • SHA512

    72cf4ce049119b58a22a17ec4ef4d7946af39395171907b4fa65401702635e5bd2a4a01ba68b6e89bc882c03a36f19f19b8ea59dc276ae01b349ad52e0ded6cb

  • SSDEEP

    1536:0yBVIbJx2+6ztODsP+6Gzg5m7BVzVoizSN9jFqpH5Gj6FyyJCI3gScu:dBWtxqztRP+62XBV2+STjUMuyyJ13vcu

Malware Config

Targets

    • Target

      e11772eedc0cf9814fc153a69fcc83506073f98ee0b46a23aa139fa8b6d1fdc4

    • Size

      184KB

    • MD5

      9a1ed2cca63a687653819fa6d96a295f

    • SHA1

      ba4b119c88db29c79af0e5287f0543ad885e62e7

    • SHA256

      e11772eedc0cf9814fc153a69fcc83506073f98ee0b46a23aa139fa8b6d1fdc4

    • SHA512

      ada4da58cde8f810a5c81052d44366561309af4e0bbe2ce6801b226998ca9ad1b7f9e18c237c3a7bae41cf6cfb7a969f0fff625f7804e5df33cd0e7e69a0899a

    • SSDEEP

      3072:HZS91VnEycqLBe7PEoy2nI9Ee12ll2RMN/b2trYOG1tXUw:H8o7coyqw2ll2qN/C0N

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks