blackmoon | 2d04be6d0b684c9c116f9f72696c15e91240ea4cded41ad6a72da6e29c35b283 | Triage

Submit
Reports

Overview

overview

Static

static

2d04be6d0b...83.exe

windows7-x64

2d04be6d0b...83.exe

windows10-2004-x64

Sharing

General

Target

2d04be6d0b684c9c116f9f72696c15e91240ea4cded41ad6a72da6e29c35b283.exe
Size

89KB
Sample

240522-p9e25scd3v
MD5

28d9183f17f18655ad1b77eaf006ac50
SHA1

cbcb9be8ae343f977c56f94a84e00c9b0c0e2aeb
SHA256

2d04be6d0b684c9c116f9f72696c15e91240ea4cded41ad6a72da6e29c35b283
SHA512

4bab4b79095f2542f369c28a28ba2aade894e4740767459fd2b7749ded439e970591f14282ead29d5a533925c6b9deb3db492af2458b413d328ba049dea0b32e
SSDEEP

1536:5+4hkM3Yz8wMZhUD2XsjEQWOSkE+Ct6WKBex3GWU5FkWp+AmQwKGSZhCQbIo/tSP:dq6OLM3QasY5Ft71fqWWp+efG4hCQrq

Score

10^/10

blackmoon banker trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

2d04be6d0b684c9c116f9f72696c15e91240ea4cded41ad6a72da6e29c35b283.exe

Resource

win7-20240508-en

blackmoon banker trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2d04be6d0b684c9c116f9f72696c15e91240ea4cded41ad6a72da6e29c35b283.exe

Resource

win10v2004-20240508-en

blackmoon banker trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  2d04be6d0b684c9c116f9f72696c15e91240ea4cded41ad6a72da6e29c35b283.exe
- Size
  
  89KB
- MD5
  
  28d9183f17f18655ad1b77eaf006ac50
- SHA1
  
  cbcb9be8ae343f977c56f94a84e00c9b0c0e2aeb
- SHA256
  
  2d04be6d0b684c9c116f9f72696c15e91240ea4cded41ad6a72da6e29c35b283
- SHA512
  
  4bab4b79095f2542f369c28a28ba2aade894e4740767459fd2b7749ded439e970591f14282ead29d5a533925c6b9deb3db492af2458b413d328ba049dea0b32e
- SSDEEP
  
  1536:5+4hkM3Yz8wMZhUD2XsjEQWOSkE+Ct6WKBex3GWU5FkWp+AmQwKGSZhCQbIo/tSP:dq6OLM3QasY5Ft71fqWWp+efG4hCQrq
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy