blackmoon | 1537569c525da9c80578a555c4a73b10cf4340a23cc08e0da608e94dbe12701c

General

Target

1537569c525da9c80578a555c4a73b10cf4340a23cc08e0da608e94dbe12701c
Size

8.0MB
Sample

240522-qymhhsdd56
MD5

88a791ca7c9bd7b04efcb778adaaf9c6
SHA1

dc1afe479978148aa15b7381b2b6b3a5e22248e6
SHA256

1537569c525da9c80578a555c4a73b10cf4340a23cc08e0da608e94dbe12701c
SHA512

a2a4c5d7b8df2921450cc664481f75d2be654746133988c49ce9896c749db64a65bbdd0104f1326d647016a3f0c9dc5754e95061f1cbafb109b3fb60b1f35ea1
SSDEEP

196608:8Rv44PbN62rYru3efvUPgyvx8AaDbhkEaXtcg6UuYl3mKXzGefry:CPPcXf83kv2fttPl/ry

Score

10^/10

Malware Config

Targets

- Target
  
  1537569c525da9c80578a555c4a73b10cf4340a23cc08e0da608e94dbe12701c
- Size
  
  8.0MB
- MD5
  
  88a791ca7c9bd7b04efcb778adaaf9c6
- SHA1
  
  dc1afe479978148aa15b7381b2b6b3a5e22248e6
- SHA256
  
  1537569c525da9c80578a555c4a73b10cf4340a23cc08e0da608e94dbe12701c
- SHA512
  
  a2a4c5d7b8df2921450cc664481f75d2be654746133988c49ce9896c749db64a65bbdd0104f1326d647016a3f0c9dc5754e95061f1cbafb109b3fb60b1f35ea1
- SSDEEP
  
  196608:8Rv44PbN62rYru3efvUPgyvx8AaDbhkEaXtcg6UuYl3mKXzGefry:CPPcXf83kv2fttPl/ry
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

4

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blackmoon, KrBanker

Detect Blackmoon payload

Checks BIOS information in registry

Deletes itself

Executes dropped EXE

Loads dropped DLL

UPX packed file

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2