blackmoon | dea9294a69e0c35f866057c27f9177348454da02ac96eb0d2d4cfd671c8aee9c | Triage

Submit
Reports

Overview

overview

Static

static

dea9294a69...9c.dll

windows7-x64

dea9294a69...9c.dll

windows10-2004-x64

Sharing

General

Target

dea9294a69e0c35f866057c27f9177348454da02ac96eb0d2d4cfd671c8aee9c
Size

5.5MB
Sample

230709-xyp2zafd57
MD5

1426430c076a96028efb1be7b211a8f8
SHA1

71a417520e62e927db03543474e2f25d51a9e61f
SHA256

dea9294a69e0c35f866057c27f9177348454da02ac96eb0d2d4cfd671c8aee9c
SHA512

5c65ad28f1096799be7dd9e9f4be96ebca45cf9a6eb6d5ee7facd92f000e0d53c1ae04a37080b6d4d67464fb1a685149e1172180a4a2aca9da2efd69eb5e5232
SSDEEP

49152:wqqw3Ig3FovIOoGfYtsXo7Kq1Ixg28kRNQc6ugHLxfobOftajN5Q+/jsHG3jAy5/:xJ3Fov2Ga7AKBrAN56at6D

Score

10^/10

blackmoon banker trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

dea9294a69e0c35f866057c27f9177348454da02ac96eb0d2d4cfd671c8aee9c.dll

Resource

win7-20230703-en

blackmoon banker trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

dea9294a69e0c35f866057c27f9177348454da02ac96eb0d2d4cfd671c8aee9c.dll

Resource

win10v2004-20230703-en

blackmoon banker trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  dea9294a69e0c35f866057c27f9177348454da02ac96eb0d2d4cfd671c8aee9c
- Size
  
  5.5MB
- MD5
  
  1426430c076a96028efb1be7b211a8f8
- SHA1
  
  71a417520e62e927db03543474e2f25d51a9e61f
- SHA256
  
  dea9294a69e0c35f866057c27f9177348454da02ac96eb0d2d4cfd671c8aee9c
- SHA512
  
  5c65ad28f1096799be7dd9e9f4be96ebca45cf9a6eb6d5ee7facd92f000e0d53c1ae04a37080b6d4d67464fb1a685149e1172180a4a2aca9da2efd69eb5e5232
- SSDEEP
  
  49152:wqqw3Ig3FovIOoGfYtsXo7Kq1Ixg28kRNQc6ugHLxfobOftajN5Q+/jsHG3jAy5/:xJ3Fov2Ga7AKBrAN56at6D
Score

10^/10

blackmoon banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojan

behavioral2

blackmoonbankertrojan

© 2018-2024

Terms | Privacy