blackmoon | 6f6eb1b757920a950f99f70d645ebd77095f131921f414286077ae603129d067 | Triage

Submit
Reports

Overview

overview

Static

static

7

6f6eb1b757...67.exe

windows7-x64

6f6eb1b757...67.exe

windows10-2004-x64

Sharing

General

Target

6f6eb1b757920a950f99f70d645ebd77095f131921f414286077ae603129d067
Size

10.7MB
Sample

240524-dp961aba81
MD5

d2bf68453cf0b580292e4015bf958eaf
SHA1

577f62754d65cc26da2e3859b8e4767fb507e249
SHA256

6f6eb1b757920a950f99f70d645ebd77095f131921f414286077ae603129d067
SHA512

55f7b6f37188bcf074a76384451380bf351c84e40a77095cf86043026d3ca646db2f819eeb3262e69e951f567d6b45f339ec947248330508a9476745a9d94bb2
SSDEEP

196608:PYPDPywtWqt/G3/hhUdCAW1MslIY3LhAvx9Ipq/+I4R4u4NgbhjRtv/xUDvCEzYS:gPDPSrodC5/3LhAvx9Ipuutb1Dv/WD68

Score

10^/10

blackmoon aspackv2 banker trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6f6eb1b757920a950f99f70d645ebd77095f131921f414286077ae603129d067.exe

Resource

win7-20240419-en

blackmoon aspackv2 banker trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6f6eb1b757920a950f99f70d645ebd77095f131921f414286077ae603129d067.exe

Resource

win10v2004-20240426-en

blackmoon aspackv2 banker trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  6f6eb1b757920a950f99f70d645ebd77095f131921f414286077ae603129d067
- Size
  
  10.7MB
- MD5
  
  d2bf68453cf0b580292e4015bf958eaf
- SHA1
  
  577f62754d65cc26da2e3859b8e4767fb507e249
- SHA256
  
  6f6eb1b757920a950f99f70d645ebd77095f131921f414286077ae603129d067
- SHA512
  
  55f7b6f37188bcf074a76384451380bf351c84e40a77095cf86043026d3ca646db2f819eeb3262e69e951f567d6b45f339ec947248330508a9476745a9d94bb2
- SSDEEP
  
  196608:PYPDPywtWqt/G3/hhUdCAW1MslIY3LhAvx9Ipq/+I4R4u4NgbhjRtv/xUDvCEzYS:gPDPSrodC5/3LhAvx9Ipuutb1Dv/WD68
Score

10^/10

blackmoon aspackv2 banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonaspackv2bankertrojan

behavioral2

blackmoonaspackv2bankertrojan

© 2018-2024

Terms | Privacy