blackmoon | 8f02c6e234cf3b3c7b5f44f666095093bb1994ffdb9b7af8a4493245718231ac | Triage

Submit
Reports

Overview

overview

Static

static

7

点击此�...��.exe

windows7-x64

点击此�...��.exe

windows10-2004-x64

Sharing

General

Target

点击此处安装语言包.exe
Size

684KB
Sample

240423-kslq5seh9t
MD5

d5620f185a317bd0f7ab1748a694fd74
SHA1

76a21af9f5633025529a01840f8df0beaa28268d
SHA256

8f02c6e234cf3b3c7b5f44f666095093bb1994ffdb9b7af8a4493245718231ac
SHA512

a136a321978ae8dcc4a37a1159ea94bdb412f07184028b25a35a24b660813afd47554c8502fcaa57370242a4c597a626fdf054a0298ae1b70cf0e7ff2cf9fa02
SSDEEP

12288:LpmaUPwIzTxi+el926/2QHuoKzSxy98GxamDvW3Lj6wpfnyaC+6Ft9:IHwIxi+02oSf6kVDqLltm+m9

Score

10^/10

blackmoon banker trojan vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

点击此处安装语言包.exe

Resource

win7-20231129-en

blackmoon banker trojan vmprotect

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

点击此处安装语言包.exe

Resource

win10v2004-20240412-en

blackmoon banker trojan vmprotect

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  点击此处安装语言包.exe
- Size
  
  684KB
- MD5
  
  d5620f185a317bd0f7ab1748a694fd74
- SHA1
  
  76a21af9f5633025529a01840f8df0beaa28268d
- SHA256
  
  8f02c6e234cf3b3c7b5f44f666095093bb1994ffdb9b7af8a4493245718231ac
- SHA512
  
  a136a321978ae8dcc4a37a1159ea94bdb412f07184028b25a35a24b660813afd47554c8502fcaa57370242a4c597a626fdf054a0298ae1b70cf0e7ff2cf9fa02
- SSDEEP
  
  12288:LpmaUPwIzTxi+el926/2QHuoKzSxy98GxamDvW3Lj6wpfnyaC+6Ft9:IHwIxi+02oSf6kVDqLltm+m9
Score

10^/10

blackmoon banker trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankertrojanvmprotect

behavioral2

blackmoonbankertrojanvmprotect

© 2018-2024

Terms | Privacy