blackmoon | e6558cbd6922a293e91c0b292ef58494affd161a1e8c61d220fd8d2554505668 | Triage

Submit
Reports

Overview

overview

Static

static

41c354f1ce...cs.exe

windows7-x64

41c354f1ce...cs.exe

windows10-2004-x64

Sharing

General

Target

41c354f1ced98b4a8b39cb0af6482550_NeikiAnalytics.exe
Size

355KB
Sample

240522-1f7qvahf5v
MD5

41c354f1ced98b4a8b39cb0af6482550
SHA1

b1c731090a1467ad288c30c7af3182aea7fff832
SHA256

e6558cbd6922a293e91c0b292ef58494affd161a1e8c61d220fd8d2554505668
SHA512

231778cb6de65cbe23f83879d1b218699584d134ca8c7d40035fbf3bc3a764d0ad0d1d7ae17ca10fb5d3d9939f3047457fec50f78dd5fb1b3d7c76de4481415b
SSDEEP

6144:/qvk3Q5ibjnNuuXckaL7pbRBkce97aw/N4L7oi:/qvMQ5ibjnwka3pbRC19Gw/Nsoi

Score

10^/10

blackmoon banker trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

41c354f1ced98b4a8b39cb0af6482550_NeikiAnalytics.exe

Resource

win7-20240221-en

blackmoon banker trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

41c354f1ced98b4a8b39cb0af6482550_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

blackmoon banker trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  41c354f1ced98b4a8b39cb0af6482550_NeikiAnalytics.exe
- Size
  
  355KB
- MD5
  
  41c354f1ced98b4a8b39cb0af6482550
- SHA1
  
  b1c731090a1467ad288c30c7af3182aea7fff832
- SHA256
  
  e6558cbd6922a293e91c0b292ef58494affd161a1e8c61d220fd8d2554505668
- SHA512
  
  231778cb6de65cbe23f83879d1b218699584d134ca8c7d40035fbf3bc3a764d0ad0d1d7ae17ca10fb5d3d9939f3047457fec50f78dd5fb1b3d7c76de4481415b
- SSDEEP
  
  6144:/qvk3Q5ibjnNuuXckaL7pbRBkce97aw/N4L7oi:/qvMQ5ibjnwka3pbRC19Gw/Nsoi
Score

10^/10

blackmoon banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankertrojan

behavioral2

blackmoonbankertrojan

© 2018-2024

Terms | Privacy