blackmoon | 383b1843a22db8c5fa531354dae82bdc7ab12c712d174a1276e53cea250ed06f | Triage

Submit
Reports

Overview

overview

Static

static

7

383b1843a2...6f.exe

windows7-x64

383b1843a2...6f.exe

windows10-2004-x64

Sharing

General

Target

383b1843a22db8c5fa531354dae82bdc7ab12c712d174a1276e53cea250ed06f
Size

14.6MB
Sample

240523-z12jwsgg53
MD5

11e157970b49d7a7b257ae1e65265763
SHA1

9f4f9393429b1c5bc3443634a1656beaca8bc949
SHA256

383b1843a22db8c5fa531354dae82bdc7ab12c712d174a1276e53cea250ed06f
SHA512

5ee8d17c88980b95c21cf31e28f494afdc1d3f31396942032fc564e61a5f5a70f02433496287ad0a8fa25d8851345c45d5b852d09241279910506e2c420cd68b
SSDEEP

393216:gPDP6rpGNvY+TodC5P3LhAvxeoxmj0lXVJvqsO:YCrpGC+TR5P3LaQP0Q/

Score

10^/10

blackmoon aspackv2 banker trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

383b1843a22db8c5fa531354dae82bdc7ab12c712d174a1276e53cea250ed06f.exe

Resource

win7-20240221-en

blackmoon aspackv2 banker trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

383b1843a22db8c5fa531354dae82bdc7ab12c712d174a1276e53cea250ed06f.exe

Resource

win10v2004-20240426-en

blackmoon aspackv2 banker trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  383b1843a22db8c5fa531354dae82bdc7ab12c712d174a1276e53cea250ed06f
- Size
  
  14.6MB
- MD5
  
  11e157970b49d7a7b257ae1e65265763
- SHA1
  
  9f4f9393429b1c5bc3443634a1656beaca8bc949
- SHA256
  
  383b1843a22db8c5fa531354dae82bdc7ab12c712d174a1276e53cea250ed06f
- SHA512
  
  5ee8d17c88980b95c21cf31e28f494afdc1d3f31396942032fc564e61a5f5a70f02433496287ad0a8fa25d8851345c45d5b852d09241279910506e2c420cd68b
- SSDEEP
  
  393216:gPDP6rpGNvY+TodC5P3LhAvxeoxmj0lXVJvqsO:YCrpGC+TR5P3LaQP0Q/
Score

10^/10

blackmoon aspackv2 banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonaspackv2bankertrojan

behavioral2

blackmoonaspackv2bankertrojan

© 2018-2024

Terms | Privacy