blackmoon | aafa55831b65c06f4c8e1f3037364862b05c8518ebb7506b826b3e5f71a79b84

Sharing

Copy URL

Twitter E-mail

General

Target

5dc8d4d250d8ad95108106812053f12e_JaffaCakes118
Size

5.1MB
Sample

240520-hxk93aha63
MD5

5dc8d4d250d8ad95108106812053f12e
SHA1

ba67d6de7a81333e273213d2b485e8d58c63e479
SHA256

aafa55831b65c06f4c8e1f3037364862b05c8518ebb7506b826b3e5f71a79b84
SHA512

877ecb35c364d56690bc2f72fa084f074ad9179dd0dbe5d60d303e4544c0383b2d7c0abbf0c0517655c1349e45147627533b53acf37e19cde324006ce2266257
SSDEEP

98304:+qvpi1bMi7gJEV2771PZubvL/6A6H4hmRbN17hDqSwNKPO3ToUu4cxKT:Po1b/hV2zueL4hETrSKW3ToR48KT

Score

10^/10

Malware Config

Targets

- Target
  
  Dig Or Die V0.046.dll
- Size
  
  4.2MB
- MD5
  
  34e0da6d8448ea13404f35e8c77da607
- SHA1
  
  a4bcc0276388057bbb8639634ee2d71cc29b67ed
- SHA256
  
  d31a71fe8d11734649f71a1769463a9eafdbfa2df368f318b5f9a13eadad542c
- SHA512
  
  c52d187a74333db954e66cd6000a66d010db60142c88e07dfcc429c2f3790da69dde7a963927ad3174dd2496222b4bdd9fba05ddf2d1fde64fa9771533a90926
- SSDEEP
  
  98304:tL8q/Zc/BYrge6/Bev98bt3YGJxpwZMtQAtgU5:tRIyZ6Zev98x3JfEfa5
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  IFG.dll
- Size
  
  16KB
- MD5
  
  f2057b1fe8d4f94ce85a780a83ca91b1
- SHA1
  
  fd3ac5352c04b9e474528d990502d62ee8bbc1fe
- SHA256
  
  60773f548cd10df618283f3a82dd3988142e23c1e6506c32597f268333c15bdf
- SHA512
  
  d096b8d0c57ba0af9cbb150a5fcb22a47b9c482f26d6bc9d2e621a70b12b53efa26e2eacc4e4092a3f8526410bee9e78fe93378121cad545e09ebe2f502a0026
- SSDEEP
  
  96:ekqGjuhvTj85qNSuANMl6uiCo0GUSrX5Ei2:zSFH85UlANaihjWi
Score

1^/10
behavioral3 behavioral4
- Target
  
  lol界面修改器v11.0.exe
- Size
  
  2.1MB
- MD5
  
  9fa4a20977b018bd96f8ae0be907444b
- SHA1
  
  0f62ffcfd58e7b98a41d7dd708c84d19eb785ef3
- SHA256
  
  250ff5489c72c97b4cea4e849ce8a638774e51c9632915668b1b0c3455b5f3c4
- SHA512
  
  715b88825d9ed4da770f4c226a37e57e589e1806a4e000fdfba223cc94647e89c6bca793f194fb27fa98436b57aaa074f1bdad7054070a60daf295810e542c1a
- SSDEEP
  
  49152:p1Kx6J8AqA+exegCSW8dAcDcfPd76vIcXO5oioLTgAHaAtsdZnqx4aqG74OrwbIc:pnC7+USdBVTdb
Score

10^/10

blackmoon banker execution persistence trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral5 behavioral6
- Target
  
  sysbin.exe
- Size
  
  243KB
- MD5
  
  efa25924138ef8e4ad1d6438fe9dcd59
- SHA1
  
  629dfd73a63e9959ac4818042aec940b2ba3818a
- SHA256
  
  d0977ae7f56174dba4e334241d1c91a11d5f5977e3f602947515c0eb98da8555
- SHA512
  
  6ad59f237ec2b1764d0f166656fc3840439d9ce2cb809384fea9e65e51dead6ddd7e26e5d340f0b8a84fcde24c12af15994f9cb3eb14658b659b5d3bb61c7c7b
- SSDEEP
  
  6144:T7kvUwPwxmnriXB3ggz43Nb8y0olOjIcQwGte:T7mP5riXB3K3hlZwGte
Score

10^/10

blackmoon banker execution persistence trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Blackmoon, KrBanker

Detect Blackmoon payload

Modifies Installed Components in the registry

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

Blackmoon, KrBanker

Detect Blackmoon payload

Modifies Installed Components in the registry

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8