blackmoon | 9227f3d1c0c946021e24e7eca8cf06d7f116b6bfb0becf92faaf121ed3af6619 | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-04-27...id.exe

windows7-x64

2024-04-27...id.exe

windows10-2004-x64

Sharing

General

Target

2024-04-27_f9ee9fe02da00f16269252466916c2c9_icedid
Size

1.5MB
Sample

240427-f2grbscg5v
MD5

f9ee9fe02da00f16269252466916c2c9
SHA1

ae3632e9c85a96355d41d67eb6b611ecd810c299
SHA256

9227f3d1c0c946021e24e7eca8cf06d7f116b6bfb0becf92faaf121ed3af6619
SHA512

6256c2c303927f3a5bea1ee683efb3eb4488e33cc0bb5fec84f89e20e2e6c28be77faa48119aeda5d6b911e21b688d136cc541bbb339ea2eeb1c4a9d6f963295
SSDEEP

24576:VOOWTr4MZzxczyVPVaJwJu9i5HtjnhAl49dJURTiBDLPvvS:/W7ZzxNJi9utj+K94wJPXS

Score

10^/10

blackmoon banker trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-04-27_f9ee9fe02da00f16269252466916c2c9_icedid.exe

Resource

win7-20240221-en

blackmoon banker trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-27_f9ee9fe02da00f16269252466916c2c9_icedid.exe

Resource

win10v2004-20240419-en

blackmoon banker trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-27_f9ee9fe02da00f16269252466916c2c9_icedid
- Size
  
  1.5MB
- MD5
  
  f9ee9fe02da00f16269252466916c2c9
- SHA1
  
  ae3632e9c85a96355d41d67eb6b611ecd810c299
- SHA256
  
  9227f3d1c0c946021e24e7eca8cf06d7f116b6bfb0becf92faaf121ed3af6619
- SHA512
  
  6256c2c303927f3a5bea1ee683efb3eb4488e33cc0bb5fec84f89e20e2e6c28be77faa48119aeda5d6b911e21b688d136cc541bbb339ea2eeb1c4a9d6f963295
- SSDEEP
  
  24576:VOOWTr4MZzxczyVPVaJwJu9i5HtjnhAl49dJURTiBDLPvvS:/W7ZzxNJi9utj+K94wJPXS
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- UPX dump on OEP (original entry point)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy