blackmoon | 4b277416dfaec448fe46c00bbfd7452fc39088b950db1e726afc7a0e21e6133b | Triage

Submit
Reports

Overview

overview

Static

static

4b277416df...3b.exe

windows7-x64

7

4b277416df...3b.exe

windows10-2004-x64

Sharing

General

Target

4b277416dfaec448fe46c00bbfd7452fc39088b950db1e726afc7a0e21e6133b
Size

276KB
Sample

240418-q3nalseg82
MD5

4672d9ec8afed68730dbacf37313bbe9
SHA1

cddbaa96e181edc6ed29a347e72da58f4b4321f0
SHA256

4b277416dfaec448fe46c00bbfd7452fc39088b950db1e726afc7a0e21e6133b
SHA512

8d341ba5d88fcceeb9a2c69249a7609c002fbc03e44dc465fb437dc5f1b2de26e21c10565ccfe94505b6ba987367f7bbad69c9b7cd7213c940c98b9fe20d728b
SSDEEP

6144:0f2nHpwQwbzfo5QH2NYcr0rTNQ3wwVVBEsR2:0f2nHpwQwbzw5QH2Z0rhQA+B

Score

10^/10

blackmoon banker trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

4b277416dfaec448fe46c00bbfd7452fc39088b950db1e726afc7a0e21e6133b.exe

Resource

win7-20231129-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

4b277416dfaec448fe46c00bbfd7452fc39088b950db1e726afc7a0e21e6133b.exe

Resource

win10v2004-20240412-en

blackmoon banker trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  4b277416dfaec448fe46c00bbfd7452fc39088b950db1e726afc7a0e21e6133b
- Size
  
  276KB
- MD5
  
  4672d9ec8afed68730dbacf37313bbe9
- SHA1
  
  cddbaa96e181edc6ed29a347e72da58f4b4321f0
- SHA256
  
  4b277416dfaec448fe46c00bbfd7452fc39088b950db1e726afc7a0e21e6133b
- SHA512
  
  8d341ba5d88fcceeb9a2c69249a7609c002fbc03e44dc465fb437dc5f1b2de26e21c10565ccfe94505b6ba987367f7bbad69c9b7cd7213c940c98b9fe20d728b
- SSDEEP
  
  6144:0f2nHpwQwbzfo5QH2NYcr0rTNQ3wwVVBEsR2:0f2nHpwQwbzw5QH2Z0rhQA+B
Score

10^/10

upx blackmoon banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy