General

  • Target

    b0b9660a8e6ebf228822547ddf57c17a932f9c920d127cb3b64b32c9b9504d1a

  • Size

    1.0MB

  • Sample

    240112-jfv9dacff6

  • MD5

    976dae784d588e83d2b982440a0b49b2

  • SHA1

    2e89b01466d41ad56ab94d0d26d2bda5278fbde7

  • SHA256

    b0b9660a8e6ebf228822547ddf57c17a932f9c920d127cb3b64b32c9b9504d1a

  • SHA512

    d6b0ebbf47b47ccfceb7438e83b8d12c1595000075bdd1fd5df982ee298deca472f075a6d504096d9bb74b4f8ee5c18cb8033e6f8682b812deaeb4601d01c6c7

  • SSDEEP

    24576:hlR3W+VUl+iJyv4kNENUkGIO3kaCkspl2L5J:hl0+Vi+iA9KNmVC1GL

Malware Config

Targets

    • Target

      b0b9660a8e6ebf228822547ddf57c17a932f9c920d127cb3b64b32c9b9504d1a

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks