blackmoon | ef7520c0e507c804fc5dd365395d118c342bda99efbea0b9a9988847c22e3476 | Triage

Submit
Reports

Overview

overview

Static

static

DKCat.exe

windows7-x64

DKCat.exe

windows10-2004-x64

Sharing

General

Target

DKCat.exe
Size

17.2MB
Sample

230720-ngxaaagb98
MD5

7192bbfd6821694aef377cf7d21846f6
SHA1

470f520859048e63cfde70206e47266e2d9f5aeb
SHA256

ef7520c0e507c804fc5dd365395d118c342bda99efbea0b9a9988847c22e3476
SHA512

c4d85f99671094e866f83c465cc2fc1923d6cd7fa1962f3431471a8cf1ce13cbb51886ae0b7b7320c4e2fae77da29586d076ae8e32b59d3167b5ee4cdb1bc511
SSDEEP

393216:o+XjgI884sQiasvvLNOmYg3r3d51AyzmkiFmRuEj:o+XjS8XhasvvLNfpbN5aYgsgA

Score

10^/10

blackmoon banker trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

DKCat.exe

Resource

win7-20230712-en

blackmoon banker trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

DKCat.exe

Resource

win10v2004-20230703-en

blackmoon banker trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  DKCat.exe
- Size
  
  17.2MB
- MD5
  
  7192bbfd6821694aef377cf7d21846f6
- SHA1
  
  470f520859048e63cfde70206e47266e2d9f5aeb
- SHA256
  
  ef7520c0e507c804fc5dd365395d118c342bda99efbea0b9a9988847c22e3476
- SHA512
  
  c4d85f99671094e866f83c465cc2fc1923d6cd7fa1962f3431471a8cf1ce13cbb51886ae0b7b7320c4e2fae77da29586d076ae8e32b59d3167b5ee4cdb1bc511
- SSDEEP
  
  393216:o+XjgI884sQiasvvLNOmYg3r3d51AyzmkiFmRuEj:o+XjS8XhasvvLNfpbN5aYgsgA
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy