blackmoon | 09c0ce3295b027233e4e2c840e67dae866e124eb9e691e63809a963428b99b6e | Triage

Submit
Reports

Overview

overview

Static

static

3ea65a22e1...cs.exe

windows7-x64

3ea65a22e1...cs.exe

windows10-2004-x64

Sharing

General

Target

3ea65a22e1165117e01cac812bbcf090_NeikiAnalytics.exe
Size

357KB
Sample

240523-y35hwsfa37
MD5

3ea65a22e1165117e01cac812bbcf090
SHA1

b2a8f2a21a6f6978bdd018d68bc68bcf552b38a3
SHA256

09c0ce3295b027233e4e2c840e67dae866e124eb9e691e63809a963428b99b6e
SHA512

14a689fb1b7be7ce4afe33ff7f4a90f685292870d1bfac59ba36bb755ba20497d1e7a88b74f736ce431acdff7114e2229bd8f66dd9f20708b516be978db911ba
SSDEEP

6144:mvk3Q5ibjnNuuXckaL7pbRBkce97aw/N4L7o/:mvMQ5ibjnwka3pbRC19Gw/Nso/

Score

10^/10

blackmoon banker trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

3ea65a22e1165117e01cac812bbcf090_NeikiAnalytics.exe

Resource

win7-20240220-en

blackmoon banker trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

3ea65a22e1165117e01cac812bbcf090_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

blackmoon banker trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  3ea65a22e1165117e01cac812bbcf090_NeikiAnalytics.exe
- Size
  
  357KB
- MD5
  
  3ea65a22e1165117e01cac812bbcf090
- SHA1
  
  b2a8f2a21a6f6978bdd018d68bc68bcf552b38a3
- SHA256
  
  09c0ce3295b027233e4e2c840e67dae866e124eb9e691e63809a963428b99b6e
- SHA512
  
  14a689fb1b7be7ce4afe33ff7f4a90f685292870d1bfac59ba36bb755ba20497d1e7a88b74f736ce431acdff7114e2229bd8f66dd9f20708b516be978db911ba
- SSDEEP
  
  6144:mvk3Q5ibjnNuuXckaL7pbRBkce97aw/N4L7o/:mvMQ5ibjnwka3pbRC19Gw/Nso/
Score

10^/10

blackmoon banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankertrojan

behavioral2

blackmoonbankertrojan

© 2018-2024

Terms | Privacy