blackmoon | 123dcccd2da5b7e658a930bb036ad84073b10969877bfdc557a2e3b6549260d6 | Triage

Submit
Reports

Overview

overview

Static

static

34baf560df...JC.exe

windows7-x64

34baf560df...JC.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

34baf560dfa05d8cf1e6fbde53f05363_icedid_xiaobaminer_JC.exe
Size

5.0MB
Sample

230801-v1nktaac22
MD5

34baf560dfa05d8cf1e6fbde53f05363
SHA1

76d650de345ce8463b644b532542ee2d09b4c9ef
SHA256

123dcccd2da5b7e658a930bb036ad84073b10969877bfdc557a2e3b6549260d6
SHA512

090ac0e4c80b7d74feb92a682859af0d82e0197b13f69a882a2ca5ab180571566a7093d0690bd2a4a390938d2dfd39d3ef79f582f51d405a9ddbfb7316c42631
SSDEEP

49152:9bYwIkppisrPa0PdWbYwIkppisrPa0PdU0ThmEf2hvZPzN/xw6n1wRjJm6K4MCc4:yciK9ciKucf2xZPzNsG4086Lwb

Score

10^/10

blackmoon banker evasion persistence spyware stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

34baf560dfa05d8cf1e6fbde53f05363_icedid_xiaobaminer_JC.exe

Resource

win7-20230712-en

blackmoon banker evasion persistence spyware stealer trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

34baf560dfa05d8cf1e6fbde53f05363_icedid_xiaobaminer_JC.exe

Resource

win10v2004-20230703-en

blackmoon banker evasion persistence spyware stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  34baf560dfa05d8cf1e6fbde53f05363_icedid_xiaobaminer_JC.exe
- Size
  
  5.0MB
- MD5
  
  34baf560dfa05d8cf1e6fbde53f05363
- SHA1
  
  76d650de345ce8463b644b532542ee2d09b4c9ef
- SHA256
  
  123dcccd2da5b7e658a930bb036ad84073b10969877bfdc557a2e3b6549260d6
- SHA512
  
  090ac0e4c80b7d74feb92a682859af0d82e0197b13f69a882a2ca5ab180571566a7093d0690bd2a4a390938d2dfd39d3ef79f582f51d405a9ddbfb7316c42631
- SSDEEP
  
  49152:9bYwIkppisrPa0PdWbYwIkppisrPa0PdU0ThmEf2hvZPzN/xw6n1wRjJm6K4MCc4:yciK9ciKucf2xZPzNsG4086Lwb
Score

10^/10

blackmoon banker evasion persistence spyware stealer trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Disables RegEdit via registry modification
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerevasionpersistencespywarestealertrojan

behavioral2

blackmoonbankerevasionpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy