blackmoon | c39a91b1798facada14cd8e34fb1b9515e38cb157986bb0671a085bd316916f4 | Triage

Submit
Reports

Overview

overview

Static

static

2024-04-19...id.exe

windows7-x64

2024-04-19...id.exe

windows10-2004-x64

Sharing

General

Target

2024-04-19_821ade96f211c8e5e170341e0c7bf95b_icedid
Size

4.7MB
Sample

240419-qqa5hsde45
MD5

821ade96f211c8e5e170341e0c7bf95b
SHA1

5959705dc9a1e6ac4919eb88a36e38bee8a5b099
SHA256

c39a91b1798facada14cd8e34fb1b9515e38cb157986bb0671a085bd316916f4
SHA512

8db4efe9fb764f65776ae672b4bdbf835a60883a1da6ec75f8e95dd7c60b6967eccae53037b8a4844ee3dbd19513f303474822092b78a41c1b675627297617c2
SSDEEP

49152:tfJWqbKNJ7UfY99lzHsw/ps+dVmq6uQM9ScUz53wJWqu2Nv61Ai2oB9Kgk6EaXtd:5JW+KNJoirAcyETNCSiLKwESgjMxSaRf

Score

10^/10

blackmoon banker trojan upx

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

2024-04-19_821ade96f211c8e5e170341e0c7bf95b_icedid.exe

Resource

win7-20240215-en

blackmoon banker trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-19_821ade96f211c8e5e170341e0c7bf95b_icedid.exe

Resource

win10v2004-20240226-en

blackmoon banker trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-19_821ade96f211c8e5e170341e0c7bf95b_icedid
- Size
  
  4.7MB
- MD5
  
  821ade96f211c8e5e170341e0c7bf95b
- SHA1
  
  5959705dc9a1e6ac4919eb88a36e38bee8a5b099
- SHA256
  
  c39a91b1798facada14cd8e34fb1b9515e38cb157986bb0671a085bd316916f4
- SHA512
  
  8db4efe9fb764f65776ae672b4bdbf835a60883a1da6ec75f8e95dd7c60b6967eccae53037b8a4844ee3dbd19513f303474822092b78a41c1b675627297617c2
- SSDEEP
  
  49152:tfJWqbKNJ7UfY99lzHsw/ps+dVmq6uQM9ScUz53wJWqu2Nv61Ai2oB9Kgk6EaXtd:5JW+KNJoirAcyETNCSiLKwESgjMxSaRf
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Detects Windows executables referencing non-Windows User-Agents
- UPX dump on OEP (original entry point)
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy