blackmoon | 30c3067f523ed3123a9fa0c1ee4d209d5cd5770d0c1607e192d03455cc04a47d | Triage

Submit
Reports

Overview

overview

Static

static

30c3067f52...7d.exe

windows7-x64

30c3067f52...7d.exe

windows10-2004-x64

Sharing

General

Target

30c3067f523ed3123a9fa0c1ee4d209d5cd5770d0c1607e192d03455cc04a47d.exe
Size

9.1MB
Sample

240524-k5bfyacb94
MD5

1d210391c6bc1cd255b5e426bdf2c98c
SHA1

9c66ec96462385bfdf4a53269a771e58e9c32251
SHA256

30c3067f523ed3123a9fa0c1ee4d209d5cd5770d0c1607e192d03455cc04a47d
SHA512

0ad95eddea508abb1858c30483047e4dcfc045b55946e067d1f29a8c45ec7769cd255773a36906800b0cd3df51fefc229830917df9acef6fd0f7befcb2779e67
SSDEEP

196608:wbsJGqjBpDyHl+rFeyaxJrbvAFTKlOcnIq/GxApza7Wl0WWy/wa2X3iow29UclX3:wbgjBFyl+rg/bkt0nBGe07Wsiow29UcR

Score

10^/10

blackmoon banker trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

30c3067f523ed3123a9fa0c1ee4d209d5cd5770d0c1607e192d03455cc04a47d.exe

Resource

win7-20240221-en

blackmoon banker trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

30c3067f523ed3123a9fa0c1ee4d209d5cd5770d0c1607e192d03455cc04a47d.exe

Resource

win10v2004-20240426-en

blackmoon banker trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  30c3067f523ed3123a9fa0c1ee4d209d5cd5770d0c1607e192d03455cc04a47d.exe
- Size
  
  9.1MB
- MD5
  
  1d210391c6bc1cd255b5e426bdf2c98c
- SHA1
  
  9c66ec96462385bfdf4a53269a771e58e9c32251
- SHA256
  
  30c3067f523ed3123a9fa0c1ee4d209d5cd5770d0c1607e192d03455cc04a47d
- SHA512
  
  0ad95eddea508abb1858c30483047e4dcfc045b55946e067d1f29a8c45ec7769cd255773a36906800b0cd3df51fefc229830917df9acef6fd0f7befcb2779e67
- SSDEEP
  
  196608:wbsJGqjBpDyHl+rFeyaxJrbvAFTKlOcnIq/GxApza7Wl0WWy/wa2X3iow29UclX3:wbgjBFyl+rg/bkt0nBGe07Wsiow29UcR
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy