blackmoon | 676494941a3d58b29f2c1c99a85ebb1ea01189eef4483c0a231da2c9074c522c | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-04-27...id.exe

windows7-x64

2024-04-27...id.exe

windows10-2004-x64

Sharing

General

Target

2024-04-27_fd4dcaa68aad40970bd09cb6bbb6d463_icedid
Size

1.3MB
Sample

240427-f24k4aca66
MD5

fd4dcaa68aad40970bd09cb6bbb6d463
SHA1

528831a95b707ae185d97cf2855e63aa241623fc
SHA256

676494941a3d58b29f2c1c99a85ebb1ea01189eef4483c0a231da2c9074c522c
SHA512

dfc365186cd1bf6de6239eedaa42e5ef633faa88ea15b9f70711ada66a6aaacd5f33401912ab6797ffe445460298be416cf7469be9a3110403c8ca9a095816a0
SSDEEP

12288:WCrO3gDTN14MWUJzlzczyVaYQzoLGi5HwKQDI13gqx8pXyHC:WOOWTr4MZzxczyVyi5QXBW8Mi

Score

10^/10

blackmoon banker trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-04-27_fd4dcaa68aad40970bd09cb6bbb6d463_icedid.exe

Resource

win7-20240221-en

blackmoon banker trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-27_fd4dcaa68aad40970bd09cb6bbb6d463_icedid.exe

Resource

win10v2004-20240419-en

blackmoon banker trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-27_fd4dcaa68aad40970bd09cb6bbb6d463_icedid
- Size
  
  1.3MB
- MD5
  
  fd4dcaa68aad40970bd09cb6bbb6d463
- SHA1
  
  528831a95b707ae185d97cf2855e63aa241623fc
- SHA256
  
  676494941a3d58b29f2c1c99a85ebb1ea01189eef4483c0a231da2c9074c522c
- SHA512
  
  dfc365186cd1bf6de6239eedaa42e5ef633faa88ea15b9f70711ada66a6aaacd5f33401912ab6797ffe445460298be416cf7469be9a3110403c8ca9a095816a0
- SSDEEP
  
  12288:WCrO3gDTN14MWUJzlzczyVaYQzoLGi5HwKQDI13gqx8pXyHC:WOOWTr4MZzxczyVyi5QXBW8Mi
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- UPX dump on OEP (original entry point)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy