blackmoon | d3a64f10c3ffee75d8871e56b86cfb5addd2bd8c791fffac87c29ac811d05305 | Triage

Submit
Reports

Overview

overview

Static

static

3

d3a64f10c3...05.exe

windows7-x64

d3a64f10c3...05.exe

windows10-2004-x64

Sharing

General

Target

d3a64f10c3ffee75d8871e56b86cfb5addd2bd8c791fffac87c29ac811d05305
Size

4.5MB
Sample

240522-qrffmadb7y
MD5

538973fb715f9657d6369b95880d034f
SHA1

0ea309bdf440b33d3e0d718abbf7543a9760c21e
SHA256

d3a64f10c3ffee75d8871e56b86cfb5addd2bd8c791fffac87c29ac811d05305
SHA512

736c2fb40eb8b34d3f0a7735fdd06647a432d7c4650b2ad9c3e58e4da9486621a42513198fff2ce9279fb2250a9d79b96232f31d2a06605e0de23c9bd4e48822
SSDEEP

98304:GRsbxSZ5w64GYL/6YEA6CXRZLhsK3oUFrieBQJ4OiZrq1DfPHNADtV6v+pT:GKbgIGhG3oUF+M24O7NADtV6v+p

Score

10^/10

blackmoon banker trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d3a64f10c3ffee75d8871e56b86cfb5addd2bd8c791fffac87c29ac811d05305.exe

Resource

win7-20240221-en

blackmoon banker trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

d3a64f10c3ffee75d8871e56b86cfb5addd2bd8c791fffac87c29ac811d05305.exe

Resource

win10v2004-20240426-en

blackmoon banker trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  d3a64f10c3ffee75d8871e56b86cfb5addd2bd8c791fffac87c29ac811d05305
- Size
  
  4.5MB
- MD5
  
  538973fb715f9657d6369b95880d034f
- SHA1
  
  0ea309bdf440b33d3e0d718abbf7543a9760c21e
- SHA256
  
  d3a64f10c3ffee75d8871e56b86cfb5addd2bd8c791fffac87c29ac811d05305
- SHA512
  
  736c2fb40eb8b34d3f0a7735fdd06647a432d7c4650b2ad9c3e58e4da9486621a42513198fff2ce9279fb2250a9d79b96232f31d2a06605e0de23c9bd4e48822
- SSDEEP
  
  98304:GRsbxSZ5w64GYL/6YEA6CXRZLhsK3oUFrieBQJ4OiZrq1DfPHNADtV6v+pT:GKbgIGhG3oUF+M24O7NADtV6v+p
Score

10^/10

blackmoon banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankertrojan

behavioral2

blackmoonbankertrojan

© 2018-2024

Terms | Privacy