blackmoon | 370347324802b7c228a8d6eed227bf61bbc57fedb521f9d171f33422d6cd9406 | Triage

Submit
Reports

Overview

overview

Static

static

7

3703473248...06.exe

windows7-x64

3703473248...06.exe

windows10-2004-x64

Sharing

General

Target

370347324802b7c228a8d6eed227bf61bbc57fedb521f9d171f33422d6cd9406
Size

13.2MB
Sample

240523-fatxkseb2v
MD5

e244ec9cc3b087c2cce038f65331f283
SHA1

a8986abcda589013b1d2520b9376da1ac8e78b83
SHA256

370347324802b7c228a8d6eed227bf61bbc57fedb521f9d171f33422d6cd9406
SHA512

a410996386d56603f55c657d8ba516cd75895b7cb66069312e11be0c3f4f5656552cfe702bd96dc481081cec9b78518c9433e9714d163f3cc30bfc7880e2cdc5
SSDEEP

393216:gPDPY7mT7PHQWTDl3MBmMIDwMzpvJvbULw4/a8ln:Yei7fzTZcBjUDzULXB

Score

10^/10

blackmoon aspackv2 banker trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

370347324802b7c228a8d6eed227bf61bbc57fedb521f9d171f33422d6cd9406.exe

Resource

win7-20240508-en

blackmoon aspackv2 banker trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

370347324802b7c228a8d6eed227bf61bbc57fedb521f9d171f33422d6cd9406.exe

Resource

win10v2004-20240508-en

blackmoon aspackv2 banker trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  370347324802b7c228a8d6eed227bf61bbc57fedb521f9d171f33422d6cd9406
- Size
  
  13.2MB
- MD5
  
  e244ec9cc3b087c2cce038f65331f283
- SHA1
  
  a8986abcda589013b1d2520b9376da1ac8e78b83
- SHA256
  
  370347324802b7c228a8d6eed227bf61bbc57fedb521f9d171f33422d6cd9406
- SHA512
  
  a410996386d56603f55c657d8ba516cd75895b7cb66069312e11be0c3f4f5656552cfe702bd96dc481081cec9b78518c9433e9714d163f3cc30bfc7880e2cdc5
- SSDEEP
  
  393216:gPDPY7mT7PHQWTDl3MBmMIDwMzpvJvbULw4/a8ln:Yei7fzTZcBjUDzULXB
Score

10^/10

blackmoon aspackv2 banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonaspackv2bankertrojan

behavioral2

blackmoonaspackv2bankertrojan

© 2018-2024

Terms | Privacy