blackmoon | 0e45d73cde6670fd896f3053bc9f3cd4dd72564baabd48a3bd4c61446a393172 | Triage

Submit
Reports

Overview

overview

Static

static

7

0e45d73cde...72.exe

windows7-x64

0e45d73cde...72.exe

windows10-2004-x64

Sharing

General

Target

0e45d73cde6670fd896f3053bc9f3cd4dd72564baabd48a3bd4c61446a393172.exe
Size

15.7MB
Sample

240524-mjhn8sdf9s
MD5

c37769349f9caa3530f3f1b9f08407a4
SHA1

318ff126b4202a66af1a7d1681f19c225147b0e0
SHA256

0e45d73cde6670fd896f3053bc9f3cd4dd72564baabd48a3bd4c61446a393172
SHA512

d563f3a28183230c66f85a9cbe0893a9d332aa5226d734cf4ce93e10fc9e1bc8983009a08bebdc8e103c76361d7f0fa1f6c662f4d19eec66fc60bede6b1b057e
SSDEEP

393216:gPDP5LEFmyEfXGNodC5w3LhAvx1+I3ryKUA3f/u8oEM0xPIcF:YxLEUy1R5w3La+I7sI+Yb

Score

10^/10

blackmoon aspackv2 banker trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0e45d73cde6670fd896f3053bc9f3cd4dd72564baabd48a3bd4c61446a393172.exe

Resource

win7-20240508-en

blackmoon aspackv2 banker trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

0e45d73cde6670fd896f3053bc9f3cd4dd72564baabd48a3bd4c61446a393172.exe

Resource

win10v2004-20240426-en

blackmoon aspackv2 banker trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  0e45d73cde6670fd896f3053bc9f3cd4dd72564baabd48a3bd4c61446a393172.exe
- Size
  
  15.7MB
- MD5
  
  c37769349f9caa3530f3f1b9f08407a4
- SHA1
  
  318ff126b4202a66af1a7d1681f19c225147b0e0
- SHA256
  
  0e45d73cde6670fd896f3053bc9f3cd4dd72564baabd48a3bd4c61446a393172
- SHA512
  
  d563f3a28183230c66f85a9cbe0893a9d332aa5226d734cf4ce93e10fc9e1bc8983009a08bebdc8e103c76361d7f0fa1f6c662f4d19eec66fc60bede6b1b057e
- SSDEEP
  
  393216:gPDP5LEFmyEfXGNodC5w3LhAvx1+I3ryKUA3f/u8oEM0xPIcF:YxLEUy1R5w3La+I7sI+Yb
Score

10^/10

blackmoon aspackv2 banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonaspackv2bankertrojan

behavioral2

blackmoonaspackv2bankertrojan

© 2018-2024

Terms | Privacy