blackmoon | e56e33e0eefa144cdd2f31afa5766b8a68c70bed2555c8e17018bc437dda43af

General

Target

e56e33e0eefa144cdd2f31afa5766b8a68c70bed2555c8e17018bc437dda43af
Size

11.2MB
Sample

231122-l3gevacc4t
MD5

5a23d360e07f385a92a6d1aa8f3989b9
SHA1

7cb6ca87324eec165876f23b004ef68130202a69
SHA256

e56e33e0eefa144cdd2f31afa5766b8a68c70bed2555c8e17018bc437dda43af
SHA512

5e3a87230c50265e168fc66c070a7d5dda94247ae8e7aa5940896b9426726725686837ba613a91da35ab5be8eb208821025dc6207021e60f1c3316a8ac846471
SSDEEP

196608:ICUeTvVXpc/9VF2rqY8XBZkh8+7RdpJyXtcznVxKNy/h6C7LYrInfOLldGSqd9I2:SCNpc/zF/xRUV1wcOy/sCbcU9j

Score

10^/10

Malware Config

Targets

- Target
  
  e56e33e0eefa144cdd2f31afa5766b8a68c70bed2555c8e17018bc437dda43af
- Size
  
  11.2MB
- MD5
  
  5a23d360e07f385a92a6d1aa8f3989b9
- SHA1
  
  7cb6ca87324eec165876f23b004ef68130202a69
- SHA256
  
  e56e33e0eefa144cdd2f31afa5766b8a68c70bed2555c8e17018bc437dda43af
- SHA512
  
  5e3a87230c50265e168fc66c070a7d5dda94247ae8e7aa5940896b9426726725686837ba613a91da35ab5be8eb208821025dc6207021e60f1c3316a8ac846471
- SSDEEP
  
  196608:ICUeTvVXpc/9VF2rqY8XBZkh8+7RdpJyXtcznVxKNy/h6C7LYrInfOLldGSqd9I2:SCNpc/zF/xRUV1wcOy/sCbcU9j
Score

10^/10

blackmoon aspackv2 banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blackmoon, KrBanker

Detect Blackmoon payload

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2