General

  • Target

    94aa305bbd1af4ea44023508eee5ff955fc0034e1b0bed89b4057409246d0eb6

  • Size

    1.4MB

  • Sample

    240118-jce3zsfahr

  • MD5

    bd3c558ae8c93b17ffcd061d5e36d37e

  • SHA1

    b09451542b0cc9a7be8b73bfc6f132c7d4b8d208

  • SHA256

    94aa305bbd1af4ea44023508eee5ff955fc0034e1b0bed89b4057409246d0eb6

  • SHA512

    a44b7c7c5dd863b9bc0015fefdfdc0ec5d85c86950cecdc6c871c3ece7fdbc3b0afb62006fee2a8b3dd9fd9877de1bc5b206bac9359fe004674551f31871fd7d

  • SSDEEP

    24576:BlR3W+VUl+iJyv4dNENUkGIO3kaCkspl2L5lWh:Bl0+Vi+iAUKNmVC1GL

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
