General

  • Target

    3b2a14671a4f0ea12152874527663303

  • Size

    260KB

  • Sample

    231225-y6gw1ahcfn

  • MD5

    3b2a14671a4f0ea12152874527663303

  • SHA1

    30e6c17a0cd075e3947e82532800a0ae74fd1fc0

  • SHA256

    04e28b87b59c589e1a889384d82499b62e4c557d8bc972e8c9d656c9c153103e

  • SHA512

    67f2a5d5d616e6391cabd7649abaaa61afa9fda5c67f13f5af17b6b2336d876b728b2687170108773538f15bb6dbaed999a429c812fdab1f422cc2e027e1f12a

  • SSDEEP

    6144:lop3GqvWfVGiJjODSd0XuLwvr/eR2fq4P+yvDmIB:loRGqvqnJjODSWXMwvr/7fq49Dm

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Deletes itself

    • Executes dropped EXE

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
