blackmoon | 83b0d5ce553a4409abf0b4f6d599b1de948eec22e674ba768ba045753ee5b908 | Triage

Submit
Reports

Overview

overview

Static

static

83b0d5ce55...08.exe

windows7-x64

83b0d5ce55...08.exe

windows10-2004-x64

Sharing

General

Target

83b0d5ce553a4409abf0b4f6d599b1de948eec22e674ba768ba045753ee5b908
Size

2.8MB
Sample

240523-xzvnvada9w
MD5

b455386e89a19e05764869d5485c739f
SHA1

4bd6fa97684ba82862acf788c8bbe97310dabfe8
SHA256

83b0d5ce553a4409abf0b4f6d599b1de948eec22e674ba768ba045753ee5b908
SHA512

25511af7ac3a802f221eee70869583e5290a37189fbcd325499a0c50ce3b5067667a40abe45d0013ec44c992dd68b8bf8c49aad511cfbddfbc83df47cd6873a4
SSDEEP

49152:9KBbvqRaUsjrAYlhGZCFX2+Zf5svwSC95zH8wHRtP0hUyCSm5LX1EFeDIJSph8Py:SvPUWMAoCFRRsvwSC95zTHEhVCl7SFeD

Score

10^/10

blackmoon banker spyware stealer trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

83b0d5ce553a4409abf0b4f6d599b1de948eec22e674ba768ba045753ee5b908.exe

Resource

win7-20240508-en

blackmoon banker spyware stealer trojan upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

83b0d5ce553a4409abf0b4f6d599b1de948eec22e674ba768ba045753ee5b908.exe

Resource

win10v2004-20240508-en

blackmoon banker spyware stealer trojan upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  83b0d5ce553a4409abf0b4f6d599b1de948eec22e674ba768ba045753ee5b908
- Size
  
  2.8MB
- MD5
  
  b455386e89a19e05764869d5485c739f
- SHA1
  
  4bd6fa97684ba82862acf788c8bbe97310dabfe8
- SHA256
  
  83b0d5ce553a4409abf0b4f6d599b1de948eec22e674ba768ba045753ee5b908
- SHA512
  
  25511af7ac3a802f221eee70869583e5290a37189fbcd325499a0c50ce3b5067667a40abe45d0013ec44c992dd68b8bf8c49aad511cfbddfbc83df47cd6873a4
- SSDEEP
  
  49152:9KBbvqRaUsjrAYlhGZCFX2+Zf5svwSC95zH8wHRtP0hUyCSm5LX1EFeDIJSph8Py:SvPUWMAoCFRRsvwSC95zTHEhVCl7SFeD
Score

10^/10

blackmoon banker spyware stealer trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankerspywarestealertrojanupx

behavioral2

blackmoonbankerspywarestealertrojanupx

© 2018-2024

Terms | Privacy