blackmoon | baa6c9da5b502377205f6f9531afecba5f56e7977ea547e521aca7174d260909 | Triage

Submit
Reports

Overview

overview

Static

static

baa6c9da5b...09.dll

windows7-x64

baa6c9da5b...09.dll

windows10-2004-x64

Sharing

General

Target

baa6c9da5b502377205f6f9531afecba5f56e7977ea547e521aca7174d260909
Size

500KB
Sample

231201-m63b6ahc63
MD5

d39fd459b42b0807fb0388833305c00d
SHA1

2193dc7415dcfc3ba64c7d630a3addd557db1e10
SHA256

baa6c9da5b502377205f6f9531afecba5f56e7977ea547e521aca7174d260909
SHA512

80376f28e47ac4f196fd6da8f6aa0ec17e400e1e809bbc9ec0ccca0c1ba812ff40a7a05e2e59d081d472bae05c8984418b940283d6c78a41ae88a218ec072b1b
SSDEEP

12288:ufxf2hROSRDLR5nWFpPoSNeN2XoSFv692ezH+bw:ufBoROs6bveUjv692eEw

Score

10^/10

blackmoon ramnit banker spyware stealer trojan upx worm

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

baa6c9da5b502377205f6f9531afecba5f56e7977ea547e521aca7174d260909.dll

Resource

win7-20231023-en

blackmoon ramnit banker spyware stealer trojan upx worm

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

baa6c9da5b502377205f6f9531afecba5f56e7977ea547e521aca7174d260909.dll

Resource

win10v2004-20231127-en

blackmoon banker trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  baa6c9da5b502377205f6f9531afecba5f56e7977ea547e521aca7174d260909
- Size
  
  500KB
- MD5
  
  d39fd459b42b0807fb0388833305c00d
- SHA1
  
  2193dc7415dcfc3ba64c7d630a3addd557db1e10
- SHA256
  
  baa6c9da5b502377205f6f9531afecba5f56e7977ea547e521aca7174d260909
- SHA512
  
  80376f28e47ac4f196fd6da8f6aa0ec17e400e1e809bbc9ec0ccca0c1ba812ff40a7a05e2e59d081d472bae05c8984418b940283d6c78a41ae88a218ec072b1b
- SSDEEP
  
  12288:ufxf2hROSRDLR5nWFpPoSNeN2XoSFv692ezH+bw:ufBoROs6bveUjv692eEw
Score

10^/10

blackmoon ramnit banker spyware stealer trojan upx worm
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonramnitbankerspywarestealertrojanupxworm

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy