blackmoon | 4691daa9c9195dd0e1d7dbae90ba6e30a5d9fd506a118967e4796408a6399d69 | Triage

Submit
Reports

Overview

overview

Static

static

2024-05-23...ia.exe

windows7-x64

2024-05-23...ia.exe

windows10-2004-x64

Sharing

General

Target

2024-05-23_5fb791968a1460f815e4aba655d4c78d_mafia
Size

1.6MB
Sample

240523-ecn9facg8z
MD5

5fb791968a1460f815e4aba655d4c78d
SHA1

38172eadadf048931c71fb511b9fdd7d69f4b818
SHA256

4691daa9c9195dd0e1d7dbae90ba6e30a5d9fd506a118967e4796408a6399d69
SHA512

a15ff5e215dddb9302ebbf5b8027df7dd20d97194ef2911c543e693c56dac73c3855f987b655367208675f487b30dea944109ef5265013f46b97a8e2761d0bf7
SSDEEP

24576:+uOMzTVHxWd7xlr6LbfRRM5OTJ7hIVymFNlMtRVblP9PIjo3rSyp0sUPYud9mj7c:+wod7xULbpf/I07Syp0sUPYu7U2K

Score

10^/10

blackmoon banker discovery trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

2024-05-23_5fb791968a1460f815e4aba655d4c78d_mafia.exe

Resource

win7-20240215-en

blackmoon banker discovery trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-05-23_5fb791968a1460f815e4aba655d4c78d_mafia.exe

Resource

win10v2004-20240426-en

blackmoon banker discovery trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-05-23_5fb791968a1460f815e4aba655d4c78d_mafia
- Size
  
  1.6MB
- MD5
  
  5fb791968a1460f815e4aba655d4c78d
- SHA1
  
  38172eadadf048931c71fb511b9fdd7d69f4b818
- SHA256
  
  4691daa9c9195dd0e1d7dbae90ba6e30a5d9fd506a118967e4796408a6399d69
- SHA512
  
  a15ff5e215dddb9302ebbf5b8027df7dd20d97194ef2911c543e693c56dac73c3855f987b655367208675f487b30dea944109ef5265013f46b97a8e2761d0bf7
- SSDEEP
  
  24576:+uOMzTVHxWd7xlr6LbfRRM5OTJ7hIVymFNlMtRVblP9PIjo3rSyp0sUPYud9mj7c:+wod7xULbpf/I07Syp0sUPYu7U2K
Score

10^/10

blackmoon banker discovery trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- UPX dump on OEP (original entry point)
- Drops startup file
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanupx

behavioral2

blackmoonbankerdiscoverytrojanupx

© 2018-2024

Terms | Privacy