blackmoon | 9903ca5030add425280eeafd0b5734e2d7a5ef3b461cfb1fe33185648af09d5c | Triage

Submit
Reports

Overview

overview

Static

static

1

9903ca5030...5c.exe

windows7-x64

9903ca5030...5c.exe

windows10-2004-x64

Sharing

General

Target

9903ca5030add425280eeafd0b5734e2d7a5ef3b461cfb1fe33185648af09d5c
Size

4.1MB
Sample

230710-1ph4vaeg4v
MD5

5a15bed03693ab3de6bbbe67b91211e4
SHA1

783f9d5a4938a6188a4e3f9b56af4f834a9e6101
SHA256

9903ca5030add425280eeafd0b5734e2d7a5ef3b461cfb1fe33185648af09d5c
SHA512

a8c81f2a7dd0ee723202c35bfce2708990a31bc2ed613c3acf6a73a1f11248877949910cf12f77bef4a63c0370d59297ef0ce59af4d6115196c442e2c9a93dc9
SSDEEP

49152:bbILHmriT77k2uH9giYXbY4B7EWrTwsIPK59gZ6ZbaHcYz5aAVKiw6ZWqTG93jJ+:vMmrsk2ugRLYyEHFbg3Yz5J/693k3

Score

10^/10

blackmoon banker evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

9903ca5030add425280eeafd0b5734e2d7a5ef3b461cfb1fe33185648af09d5c.exe

Resource

win7-20230703-en

blackmoon banker evasion trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

9903ca5030add425280eeafd0b5734e2d7a5ef3b461cfb1fe33185648af09d5c.exe

Resource

win10v2004-20230703-en

blackmoon banker evasion trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  9903ca5030add425280eeafd0b5734e2d7a5ef3b461cfb1fe33185648af09d5c
- Size
  
  4.1MB
- MD5
  
  5a15bed03693ab3de6bbbe67b91211e4
- SHA1
  
  783f9d5a4938a6188a4e3f9b56af4f834a9e6101
- SHA256
  
  9903ca5030add425280eeafd0b5734e2d7a5ef3b461cfb1fe33185648af09d5c
- SHA512
  
  a8c81f2a7dd0ee723202c35bfce2708990a31bc2ed613c3acf6a73a1f11248877949910cf12f77bef4a63c0370d59297ef0ce59af4d6115196c442e2c9a93dc9
- SSDEEP
  
  49152:bbILHmriT77k2uH9giYXbY4B7EWrTwsIPK59gZ6ZbaHcYz5aAVKiw6ZWqTG93jJ+:vMmrsk2ugRLYyEHFbg3Yz5J/693k3
Score

10^/10

blackmoon banker evasion trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- UAC bypass
  evasion trojan
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerevasiontrojan

behavioral2

blackmoonbankerevasiontrojan

© 2018-2024

Terms | Privacy