blackmoon | fedd708d1934ff276287e5c58b8e0b110f66dbe2274889bf4fc4a686cd8e2c28 | Triage

Submit
Reports

Overview

overview

Static

static

fedd708d19...28.exe

windows7-x64

fedd708d19...28.exe

windows10-2004-x64

Sharing

General

Target

fedd708d1934ff276287e5c58b8e0b110f66dbe2274889bf4fc4a686cd8e2c28
Size

4.0MB
Sample

230724-jt83dsbf37
MD5

2b8cebcdc9b604c02a46f68ec92cd85e
SHA1

5f56325e4f78deeafc865bb942f86eb85ab9e5df
SHA256

fedd708d1934ff276287e5c58b8e0b110f66dbe2274889bf4fc4a686cd8e2c28
SHA512

35fafe44c7d4710f8f4aa78398cc6adf614645b90b6928ad93ed8a0b93ea7f4c3ffca740159c7ad37600e779237d78ad30340385bcf06d65f57d4de3d377f6e4
SSDEEP

98304:6LkCqK9jITuvn4LNfYWVV0FLOAkGkzdnEVomFHKnPr:ukCqM5AnV0FLOyomFHKnPr

Score

10^/10

blackmoon banker trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

fedd708d1934ff276287e5c58b8e0b110f66dbe2274889bf4fc4a686cd8e2c28.exe

Resource

win7-20230712-en

blackmoon banker trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

fedd708d1934ff276287e5c58b8e0b110f66dbe2274889bf4fc4a686cd8e2c28.exe

Resource

win10v2004-20230703-en

blackmoon banker trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  fedd708d1934ff276287e5c58b8e0b110f66dbe2274889bf4fc4a686cd8e2c28
- Size
  
  4.0MB
- MD5
  
  2b8cebcdc9b604c02a46f68ec92cd85e
- SHA1
  
  5f56325e4f78deeafc865bb942f86eb85ab9e5df
- SHA256
  
  fedd708d1934ff276287e5c58b8e0b110f66dbe2274889bf4fc4a686cd8e2c28
- SHA512
  
  35fafe44c7d4710f8f4aa78398cc6adf614645b90b6928ad93ed8a0b93ea7f4c3ffca740159c7ad37600e779237d78ad30340385bcf06d65f57d4de3d377f6e4
- SSDEEP
  
  98304:6LkCqK9jITuvn4LNfYWVV0FLOAkGkzdnEVomFHKnPr:ukCqM5AnV0FLOyomFHKnPr
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy