blackmoon | a480a489a67a75e5ed280a0c701718e781e3ae7cbfde47bd610b5e690a0a748f | Triage

Submit
Reports

Overview

overview

Static

static

a480a489a6...8f.exe

windows7-x64

a480a489a6...8f.exe

windows10-2004-x64

Sharing

General

Target

a480a489a67a75e5ed280a0c701718e781e3ae7cbfde47bd610b5e690a0a748f
Size

9.1MB
Sample

240524-bzv4qagf86
MD5

614c99b24259bc4c5b197006bd317178
SHA1

8a49f7a41acab770363839286c1d05f2ed3147c3
SHA256

a480a489a67a75e5ed280a0c701718e781e3ae7cbfde47bd610b5e690a0a748f
SHA512

37f9357fa5744904c79bc35e35d5c1cf8addeaa2bb13405b8c297e57d9eaa9e1e737c2071537819f2f52a7230fbe753e68961643e0a808eca929b1c22e05a96c
SSDEEP

196608:6bsJm7b8O88jTR9IoKyos6K2KfrzubK0Ih02T/nYiQlRUoreP/abux4vQuox:6bh7b8O88PR6TsRj1hvT/YiQjGXWf

Score

10^/10

blackmoon banker trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

a480a489a67a75e5ed280a0c701718e781e3ae7cbfde47bd610b5e690a0a748f.exe

Resource

win7-20240508-en

blackmoon banker trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

a480a489a67a75e5ed280a0c701718e781e3ae7cbfde47bd610b5e690a0a748f.exe

Resource

win10v2004-20240426-en

blackmoon banker trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  a480a489a67a75e5ed280a0c701718e781e3ae7cbfde47bd610b5e690a0a748f
- Size
  
  9.1MB
- MD5
  
  614c99b24259bc4c5b197006bd317178
- SHA1
  
  8a49f7a41acab770363839286c1d05f2ed3147c3
- SHA256
  
  a480a489a67a75e5ed280a0c701718e781e3ae7cbfde47bd610b5e690a0a748f
- SHA512
  
  37f9357fa5744904c79bc35e35d5c1cf8addeaa2bb13405b8c297e57d9eaa9e1e737c2071537819f2f52a7230fbe753e68961643e0a808eca929b1c22e05a96c
- SSDEEP
  
  196608:6bsJm7b8O88jTR9IoKyos6K2KfrzubK0Ih02T/nYiQlRUoreP/abux4vQuox:6bh7b8O88PR6TsRj1hvT/YiQjGXWf
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy