blackmoon | 0614ffd703c7d4f6c45cfa65f49d9fdd9c433efc532037185ef05ce694e0746d | Triage

Submit
Reports

Overview

overview

Static

static

1

AIcoin.exe

windows7-x64

AIcoin.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

AIcoin.exe
Size

76.9MB
Sample

240127-p6j7paceg9
MD5

cf3deb77043e5b73db5c85465dfa5de0
SHA1

b445283fbd7b08ade87d8ff9ebe4d0583c5c5133
SHA256

0614ffd703c7d4f6c45cfa65f49d9fdd9c433efc532037185ef05ce694e0746d
SHA512

83e40ffb72a0bfd3689f24792e6a66e61569d92c60e3738b7ebe9df0d655f54667c934d3787624a093932f186bd82544928b18d9bfb105d7f2a05564b40b4da9
SSDEEP

1572864:FdKv+HGnrxab+m11do9eCHSeZzgTQSugteyaPdBMAYxZVZWPY8ihHRE0NeY:uvPnYb+m11dd4Syjdd8ZVZrXHi0P

Score

10^/10

blackmoon banker discovery persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

AIcoin.exe

Resource

win7-20231129-en

blackmoon banker discovery persistence trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

AIcoin.exe

Resource

win10v2004-20231222-en

blackmoon banker discovery persistence trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  AIcoin.exe
- Size
  
  76.9MB
- MD5
  
  cf3deb77043e5b73db5c85465dfa5de0
- SHA1
  
  b445283fbd7b08ade87d8ff9ebe4d0583c5c5133
- SHA256
  
  0614ffd703c7d4f6c45cfa65f49d9fdd9c433efc532037185ef05ce694e0746d
- SHA512
  
  83e40ffb72a0bfd3689f24792e6a66e61569d92c60e3738b7ebe9df0d655f54667c934d3787624a093932f186bd82544928b18d9bfb105d7f2a05564b40b4da9
- SSDEEP
  
  1572864:FdKv+HGnrxab+m11do9eCHSeZzgTQSugteyaPdBMAYxZVZWPY8ihHRE0NeY:uvPnYb+m11dd4Syjdd8ZVZrXHi0P
Score

10^/10

blackmoon banker discovery persistence trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverypersistencetrojan

behavioral2

blackmoonbankerdiscoverypersistencetrojan

© 2018-2025

Terms | Privacy