blackmoon | c7d30b5ea07e7f38338401d6af2351330a71086e08301d32d1ad040c42b8c9fe | Triage

Submit
Reports

Overview

overview

Static

static

c7d30b5ea0...fe.exe

windows7-x64

c7d30b5ea0...fe.exe

windows10-2004-x64

Sharing

General

Target

c7d30b5ea07e7f38338401d6af2351330a71086e08301d32d1ad040c42b8c9fe
Size

3.1MB
Sample

230724-k4sc3acb63
MD5

dc624574ef8e4cb6a209144239a7f7cc
SHA1

20579df621fb9592da238eab9bc8b0c0f960dbb9
SHA256

c7d30b5ea07e7f38338401d6af2351330a71086e08301d32d1ad040c42b8c9fe
SHA512

45008753ca6aef84b82d1b0aebf19743d19af6c63716b32c223c3b3efb0e7ef1d8e78d5fcc2d8ba35f1b830890a85eed776aae5c6fa4c2ed026bca7191ef295d
SSDEEP

49152:n9s5LPkdVO3K46FKCSoJhMPmuYnH7mSl5cTsp/UJQyKnzZ/Yeco/rZj:+Z3K46FKDKMPMnHRcQqYZ

Score

10^/10

blackmoon banker trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

c7d30b5ea07e7f38338401d6af2351330a71086e08301d32d1ad040c42b8c9fe.exe

Resource

win7-20230712-en

blackmoon banker trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

c7d30b5ea07e7f38338401d6af2351330a71086e08301d32d1ad040c42b8c9fe.exe

Resource

win10v2004-20230703-en

blackmoon banker trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  c7d30b5ea07e7f38338401d6af2351330a71086e08301d32d1ad040c42b8c9fe
- Size
  
  3.1MB
- MD5
  
  dc624574ef8e4cb6a209144239a7f7cc
- SHA1
  
  20579df621fb9592da238eab9bc8b0c0f960dbb9
- SHA256
  
  c7d30b5ea07e7f38338401d6af2351330a71086e08301d32d1ad040c42b8c9fe
- SHA512
  
  45008753ca6aef84b82d1b0aebf19743d19af6c63716b32c223c3b3efb0e7ef1d8e78d5fcc2d8ba35f1b830890a85eed776aae5c6fa4c2ed026bca7191ef295d
- SSDEEP
  
  49152:n9s5LPkdVO3K46FKCSoJhMPmuYnH7mSl5cTsp/UJQyKnzZ/Yeco/rZj:+Z3K46FKDKMPMnHRcQqYZ
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy