blackmoon | 8e69f7b40845c53894602eceb2cf16b09aa52e905149e6f8f10481200c2d62a8 | Triage

Submit
Reports

Overview

overview

Static

static

7

8e69f7b408...a8.exe

windows7-x64

8e69f7b408...a8.exe

windows10-2004-x64

Sharing

General

Target

8e69f7b40845c53894602eceb2cf16b09aa52e905149e6f8f10481200c2d62a8
Size

3.0MB
Sample

231123-zsme1acc58
MD5

7f8b2250ae6320c2d72a2c422ebc9f98
SHA1

76b6e4d81d9eedfdea56fe99a8ded4c61dd37aa0
SHA256

8e69f7b40845c53894602eceb2cf16b09aa52e905149e6f8f10481200c2d62a8
SHA512

21526bea1adf151dc2c777e967ff5e6665a4f62f7efc171baf1b85be880228a38198c15b3e6e58f464bbd1224f84b18738e59d2b1794ca9a8bf899f258a31dde
SSDEEP

49152:PJxd6rnwFDP4vBkHep9Shf1HlV/mYLHCbE/xjA/B8MN0Jra3NuhzEYLXCGLcv7H:PJmrCDwim98RldfibEowaNooc3Lcv7H

Score

10^/10

blackmoon aspackv2 banker trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8e69f7b40845c53894602eceb2cf16b09aa52e905149e6f8f10481200c2d62a8.exe

Resource

win7-20231020-en

blackmoon aspackv2 banker trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

8e69f7b40845c53894602eceb2cf16b09aa52e905149e6f8f10481200c2d62a8.exe

Resource

win10v2004-20231025-en

blackmoon aspackv2 banker trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  8e69f7b40845c53894602eceb2cf16b09aa52e905149e6f8f10481200c2d62a8
- Size
  
  3.0MB
- MD5
  
  7f8b2250ae6320c2d72a2c422ebc9f98
- SHA1
  
  76b6e4d81d9eedfdea56fe99a8ded4c61dd37aa0
- SHA256
  
  8e69f7b40845c53894602eceb2cf16b09aa52e905149e6f8f10481200c2d62a8
- SHA512
  
  21526bea1adf151dc2c777e967ff5e6665a4f62f7efc171baf1b85be880228a38198c15b3e6e58f464bbd1224f84b18738e59d2b1794ca9a8bf899f258a31dde
- SSDEEP
  
  49152:PJxd6rnwFDP4vBkHep9Shf1HlV/mYLHCbE/xjA/B8MN0Jra3NuhzEYLXCGLcv7H:PJmrCDwim98RldfibEowaNooc3Lcv7H
Score

10^/10

blackmoon aspackv2 banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonaspackv2bankertrojan

behavioral2

blackmoonaspackv2bankertrojan

© 2018-2024

Terms | Privacy