blackmoon | 5e97aa3cdc85664da07e9990c5a27d40405ca94c3b00176c46525f0bd5cb3cfb | Triage

Submit
Reports

Overview

overview

Static

static

7

5e97aa3cdc...fb.exe

windows7-x64

5e97aa3cdc...fb.exe

windows10-2004-x64

Sharing

General

Target

5e97aa3cdc85664da07e9990c5a27d40405ca94c3b00176c46525f0bd5cb3cfb
Size

7.1MB
Sample

240403-htrbxaah74
MD5

91c1c0e9b72d654ab9b63b8970a003e1
SHA1

2006b01756c642ccec5043bd0a74f9def186e02e
SHA256

5e97aa3cdc85664da07e9990c5a27d40405ca94c3b00176c46525f0bd5cb3cfb
SHA512

cbed068af34021c4497a27c2c53239be73f83b8281f384f0393aaa32f88dfabe7a2ac21d410de885c3a4448f5a54a89557b2ab934cf5843675e525796a5df8cb
SSDEEP

196608:8Rv44PsUEXAy8rZbQxE129FX2knR1+oSZ7maSAU2Jj48KTOI:CP3EqZMxM29dRct7HjJ0AI

Score

10^/10

blackmoon banker trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5e97aa3cdc85664da07e9990c5a27d40405ca94c3b00176c46525f0bd5cb3cfb.exe

Resource

win7-20240221-en

blackmoon banker trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

5e97aa3cdc85664da07e9990c5a27d40405ca94c3b00176c46525f0bd5cb3cfb.exe

Resource

win10v2004-20240226-en

blackmoon banker trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  5e97aa3cdc85664da07e9990c5a27d40405ca94c3b00176c46525f0bd5cb3cfb
- Size
  
  7.1MB
- MD5
  
  91c1c0e9b72d654ab9b63b8970a003e1
- SHA1
  
  2006b01756c642ccec5043bd0a74f9def186e02e
- SHA256
  
  5e97aa3cdc85664da07e9990c5a27d40405ca94c3b00176c46525f0bd5cb3cfb
- SHA512
  
  cbed068af34021c4497a27c2c53239be73f83b8281f384f0393aaa32f88dfabe7a2ac21d410de885c3a4448f5a54a89557b2ab934cf5843675e525796a5df8cb
- SSDEEP
  
  196608:8Rv44PsUEXAy8rZbQxE129FX2knR1+oSZ7maSAU2Jj48KTOI:CP3EqZMxM29dRct7HjJ0AI
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy