blackmoon | 098de707006e51720fdabf6b29bbd7ed6cc542c62ec19c6b104c4cc3a7289c59 | Triage

Submit
Reports

Overview

overview

Static

static

7

098de70700...59.exe

windows7-x64

098de70700...59.exe

windows10-2004-x64

Sharing

General

Target

098de707006e51720fdabf6b29bbd7ed6cc542c62ec19c6b104c4cc3a7289c59
Size

7.2MB
Sample

240522-sv716afg95
MD5

643921cac760b978cad19942c52976ce
SHA1

43f5a6f4716b9a00177c0deb9aaed2be12ca8283
SHA256

098de707006e51720fdabf6b29bbd7ed6cc542c62ec19c6b104c4cc3a7289c59
SHA512

c12336685d997d31eb9912506b0951c8ea38e9fa679ed6c27a549f747eed4a1fcc2d84c31c395128398769a69858096e3474a70e06f05e308fe826921f550cd1
SSDEEP

196608:8Rv44PE6K4+auUPFFPAaDbhkEaXtcg6UuYl3mKCr:CPw4J9lv2fttPl+r

Score

10^/10

blackmoon banker trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

098de707006e51720fdabf6b29bbd7ed6cc542c62ec19c6b104c4cc3a7289c59.exe

Resource

win7-20240215-en

blackmoon banker trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

098de707006e51720fdabf6b29bbd7ed6cc542c62ec19c6b104c4cc3a7289c59.exe

Resource

win10v2004-20240508-en

blackmoon banker trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  098de707006e51720fdabf6b29bbd7ed6cc542c62ec19c6b104c4cc3a7289c59
- Size
  
  7.2MB
- MD5
  
  643921cac760b978cad19942c52976ce
- SHA1
  
  43f5a6f4716b9a00177c0deb9aaed2be12ca8283
- SHA256
  
  098de707006e51720fdabf6b29bbd7ed6cc542c62ec19c6b104c4cc3a7289c59
- SHA512
  
  c12336685d997d31eb9912506b0951c8ea38e9fa679ed6c27a549f747eed4a1fcc2d84c31c395128398769a69858096e3474a70e06f05e308fe826921f550cd1
- SSDEEP
  
  196608:8Rv44PE6K4+auUPFFPAaDbhkEaXtcg6UuYl3mKCr:CPw4J9lv2fttPl+r
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy