blackmoon | 4054ab1f3bd34584e36c29b18cd5e3155f25aec3772e285213652d69ea811e7a | Triage

Submit
Reports

Overview

overview

Static

static

7

4054ab1f3b...cs.exe

windows7-x64

4054ab1f3b...cs.exe

windows10-2004-x64

Sharing

General

Target

4054ab1f3bd34584e36c29b18cd5e3155f25aec3772e285213652d69ea811e7a_NeikiAnalytics
Size

169KB
Sample

240521-nlvx1sca2y
MD5

fe82ddf1dc3aaf5cd49ba7ac7d867cc0
SHA1

0a34a4827cf78f6a1434edce132af7bd7f86ae00
SHA256

4054ab1f3bd34584e36c29b18cd5e3155f25aec3772e285213652d69ea811e7a
SHA512

ec8a0fcd00e090ee1deafb967ff8b7d4f5b61329331e929fcefcf7cdcfa0bfc43f76e3f6442bd16ffc266943f2603befa2c1879033e2889d3be539f557409b8b
SSDEEP

1536:HvQBeOGtrYS3srx93UBWfwC6Ggnouy8CUYj7FK4O8A1o4XEc3YtxD8/Ai2K:HhOmTsF93UYfwC6GIoutX8Ki3c3YT8VX

Score

10^/10

blackmoon banker persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4054ab1f3bd34584e36c29b18cd5e3155f25aec3772e285213652d69ea811e7a_NeikiAnalytics.exe

Resource

win7-20231129-en

blackmoon banker persistence trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

4054ab1f3bd34584e36c29b18cd5e3155f25aec3772e285213652d69ea811e7a_NeikiAnalytics.exe

Resource

win10v2004-20240226-en

blackmoon banker trojan upx

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  4054ab1f3bd34584e36c29b18cd5e3155f25aec3772e285213652d69ea811e7a_NeikiAnalytics
- Size
  
  169KB
- MD5
  
  fe82ddf1dc3aaf5cd49ba7ac7d867cc0
- SHA1
  
  0a34a4827cf78f6a1434edce132af7bd7f86ae00
- SHA256
  
  4054ab1f3bd34584e36c29b18cd5e3155f25aec3772e285213652d69ea811e7a
- SHA512
  
  ec8a0fcd00e090ee1deafb967ff8b7d4f5b61329331e929fcefcf7cdcfa0bfc43f76e3f6442bd16ffc266943f2603befa2c1879033e2889d3be539f557409b8b
- SSDEEP
  
  1536:HvQBeOGtrYS3srx93UBWfwC6Ggnouy8CUYj7FK4O8A1o4XEc3YtxD8/Ai2K:HhOmTsF93UYfwC6GIoutX8Ki3c3YT8VX
Score

10^/10

blackmoon banker persistence trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerpersistencetrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy