blackmoon | c3f1952ab8f8ca9cd493ba15d20c105cc85371f70dd0f2b7abf49c0dea17929e | Triage

Submit
Reports

Overview

overview

Static

static

3

c3f1952ab8...9e.exe

windows7-x64

7

c3f1952ab8...9e.exe

windows10-2004-x64

Sharing

General

Target

c3f1952ab8f8ca9cd493ba15d20c105cc85371f70dd0f2b7abf49c0dea17929e
Size

11.4MB
Sample

240523-2vsqxacc97
MD5

6b8be8350765348dd1752b0a0f8243f4
SHA1

155aa6ebaf9d86231854faf1162a0e9b0320c9a7
SHA256

c3f1952ab8f8ca9cd493ba15d20c105cc85371f70dd0f2b7abf49c0dea17929e
SHA512

f3f437f53b69b172a71f8377fd196c2badf151de1496fd88b7976296141c5e2c0c983e85b70ca05a635d2024b168cba9fab149e74ab3dec525aa3b31db3452c2
SSDEEP

196608:8Fl5poKEGK54nLHXD4oOVqMBfOo6eU7iayz+r83k8EzBnMpAf2FaqKM:8rTEy3cVqMdaiayZkBzBiAeFaDM

Score

10^/10

blackmoon banker trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c3f1952ab8f8ca9cd493ba15d20c105cc85371f70dd0f2b7abf49c0dea17929e.exe

Resource

win7-20240220-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

c3f1952ab8f8ca9cd493ba15d20c105cc85371f70dd0f2b7abf49c0dea17929e.exe

Resource

win10v2004-20240426-en

blackmoon banker trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  c3f1952ab8f8ca9cd493ba15d20c105cc85371f70dd0f2b7abf49c0dea17929e
- Size
  
  11.4MB
- MD5
  
  6b8be8350765348dd1752b0a0f8243f4
- SHA1
  
  155aa6ebaf9d86231854faf1162a0e9b0320c9a7
- SHA256
  
  c3f1952ab8f8ca9cd493ba15d20c105cc85371f70dd0f2b7abf49c0dea17929e
- SHA512
  
  f3f437f53b69b172a71f8377fd196c2badf151de1496fd88b7976296141c5e2c0c983e85b70ca05a635d2024b168cba9fab149e74ab3dec525aa3b31db3452c2
- SSDEEP
  
  196608:8Fl5poKEGK54nLHXD4oOVqMBfOo6eU7iayz+r83k8EzBnMpAf2FaqKM:8rTEy3cVqMdaiayZkBzBiAeFaDM
Score

10^/10

upx blackmoon banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy