blackmoon | 5cb5634fa445883e3d1ca828ba0efcba75fd97b91a9fedbc0b7ab78496465b93 | Triage

Submit
Reports

Overview

overview

Static

static

7

5cb5634fa4...93.exe

windows7-x64

5cb5634fa4...93.exe

windows10-2004-x64

Sharing

General

Target

5cb5634fa445883e3d1ca828ba0efcba75fd97b91a9fedbc0b7ab78496465b93
Size

14.7MB
Sample

240524-j3ej5sag7w
MD5

967a03ef86521e8cb64023393be27b28
SHA1

c071cf1ee4a2246518c92816a44b1903ddd60431
SHA256

5cb5634fa445883e3d1ca828ba0efcba75fd97b91a9fedbc0b7ab78496465b93
SHA512

befd72ac63261a3c1f0749782352b309f3bd9df28c84cec4548e8b8ebb9f60d9591816aabe8a43dc79119715b9bb7f036b11d4c2d80cc7bac86321556813fed4
SSDEEP

393216:gPDPnpGNvIodC5d3LhAvxz9cFIvyqEULXEU7ujUC:YPpGeR5d3LaTcivQJUCP

Score

10^/10

blackmoon aspackv2 banker trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5cb5634fa445883e3d1ca828ba0efcba75fd97b91a9fedbc0b7ab78496465b93.exe

Resource

win7-20240221-en

blackmoon aspackv2 banker trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

5cb5634fa445883e3d1ca828ba0efcba75fd97b91a9fedbc0b7ab78496465b93.exe

Resource

win10v2004-20240508-en

blackmoon aspackv2 banker trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  5cb5634fa445883e3d1ca828ba0efcba75fd97b91a9fedbc0b7ab78496465b93
- Size
  
  14.7MB
- MD5
  
  967a03ef86521e8cb64023393be27b28
- SHA1
  
  c071cf1ee4a2246518c92816a44b1903ddd60431
- SHA256
  
  5cb5634fa445883e3d1ca828ba0efcba75fd97b91a9fedbc0b7ab78496465b93
- SHA512
  
  befd72ac63261a3c1f0749782352b309f3bd9df28c84cec4548e8b8ebb9f60d9591816aabe8a43dc79119715b9bb7f036b11d4c2d80cc7bac86321556813fed4
- SSDEEP
  
  393216:gPDPnpGNvIodC5d3LhAvxz9cFIvyqEULXEU7ujUC:YPpGeR5d3LaTcivQJUCP
Score

10^/10

blackmoon aspackv2 banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonaspackv2bankertrojan

behavioral2

blackmoonaspackv2bankertrojan

© 2018-2024

Terms | Privacy