blackmoon | f5ed77a77ea3fdf415e3379b8c3aa9480dd07a401da54dc4a2fcf2fcce807586

General

Target

f5ed77a77ea3fdf415e3379b8c3aa9480dd07a401da54dc4a2fcf2fcce807586
Size

4.7MB
Sample

240522-rttxgaed28
MD5

ce5a02dbbbecfdf9897726db6ba09a0b
SHA1

05a203727a334153388184a030d3eff8534d611a
SHA256

f5ed77a77ea3fdf415e3379b8c3aa9480dd07a401da54dc4a2fcf2fcce807586
SHA512

d7e5a09cd93d4ccb1acac82eecd4b6c055b02792b8846644be028b0b9c11bb24771e2a94c4238267af108329cf86ec937751a876bd3299e4993e5abf7e840454
SSDEEP

98304:fFBWQlG4wlD4GfkehReReO2pAiNoXfsQi2GxhDxjM1gh9noS9oMPQq9EsZXQo:e3uD/exAWoP3Imgbo8oMJEsBQo

Score

10^/10

Malware Config

Targets

- Target
  
  f5ed77a77ea3fdf415e3379b8c3aa9480dd07a401da54dc4a2fcf2fcce807586
- Size
  
  4.7MB
- MD5
  
  ce5a02dbbbecfdf9897726db6ba09a0b
- SHA1
  
  05a203727a334153388184a030d3eff8534d611a
- SHA256
  
  f5ed77a77ea3fdf415e3379b8c3aa9480dd07a401da54dc4a2fcf2fcce807586
- SHA512
  
  d7e5a09cd93d4ccb1acac82eecd4b6c055b02792b8846644be028b0b9c11bb24771e2a94c4238267af108329cf86ec937751a876bd3299e4993e5abf7e840454
- SSDEEP
  
  98304:fFBWQlG4wlD4GfkehReReO2pAiNoXfsQi2GxhDxjM1gh9noS9oMPQq9EsZXQo:e3uD/exAWoP3Imgbo8oMJEsBQo
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blackmoon, KrBanker

Detect Blackmoon payload

Drops file in Drivers directory

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Unexpected DNS network traffic destination

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2