blackmoon | 5590d70f60784c46bc1efbd0219799de6cd5aa1571fe45d855b0ebe17cf8c8a7 | Triage

Submit
Reports

Overview

overview

Static

static

3

5590d70f60...a7.exe

windows7-x64

5590d70f60...a7.exe

windows10-2004-x64

Sharing

General

Target

5590d70f60784c46bc1efbd0219799de6cd5aa1571fe45d855b0ebe17cf8c8a7
Size

588KB
Sample

231008-qbfrfscb8t
MD5

1ebddfff697158465d7c0d23ed3ff9ff
SHA1

a9d549f35ed6394e9d4b1190f355fee3683a949a
SHA256

5590d70f60784c46bc1efbd0219799de6cd5aa1571fe45d855b0ebe17cf8c8a7
SHA512

614af970d2ab98162e563abb408d1bd771ab117e42923dbe293b5a21cbc5abef7a027240048bf12e953f7411a93c879276d525eb49e1481dfd1d94444bc0c926
SSDEEP

12288:Or+Cu0Q5PuhoVncbfF0fHx8QdB/NtfakNp8z2uDpTKubP4ofC0yqCE:Or+5dnncbfSfRvdDtfa8uDtUYZCE

Score

10^/10

blackmoon banker trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5590d70f60784c46bc1efbd0219799de6cd5aa1571fe45d855b0ebe17cf8c8a7.exe

Resource

win7-20230831-en

blackmoon banker trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

5590d70f60784c46bc1efbd0219799de6cd5aa1571fe45d855b0ebe17cf8c8a7.exe

Resource

win10v2004-20230915-en

blackmoon banker trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  5590d70f60784c46bc1efbd0219799de6cd5aa1571fe45d855b0ebe17cf8c8a7
- Size
  
  588KB
- MD5
  
  1ebddfff697158465d7c0d23ed3ff9ff
- SHA1
  
  a9d549f35ed6394e9d4b1190f355fee3683a949a
- SHA256
  
  5590d70f60784c46bc1efbd0219799de6cd5aa1571fe45d855b0ebe17cf8c8a7
- SHA512
  
  614af970d2ab98162e563abb408d1bd771ab117e42923dbe293b5a21cbc5abef7a027240048bf12e953f7411a93c879276d525eb49e1481dfd1d94444bc0c926
- SSDEEP
  
  12288:Or+Cu0Q5PuhoVncbfF0fHx8QdB/NtfakNp8z2uDpTKubP4ofC0yqCE:Or+5dnncbfSfRvdDtfa8uDtUYZCE
Score

10^/10

blackmoon banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojan

behavioral2

blackmoonbankertrojan

© 2018-2024

Terms | Privacy