blackmoon | 657e19240ee4616395212673c1157cc40cceebbdae1f360ab9d919ed1ffae200 | Triage

Submit
Reports

Overview

overview

Static

static

7

657e19240e...00.exe

windows7-x64

657e19240e...00.exe

windows10-2004-x64

Sharing

General

Target

657e19240ee4616395212673c1157cc40cceebbdae1f360ab9d919ed1ffae200.exe
Size

8.4MB
Sample

240524-mjz9aadg87
MD5

65144756960be44e2260648ca49df210
SHA1

913aeeeb2f6cdf68561cd092d467437072f73e63
SHA256

657e19240ee4616395212673c1157cc40cceebbdae1f360ab9d919ed1ffae200
SHA512

b56a13a10bd36c98f1d7f16702b72fe04acb65417c2442c9965dde550deadf00ec0675fc18dd8e74aa30bb693a392aade00978f99ea1b9d8db63178af2980984
SSDEEP

196608:PYPDPyklrNDbtXRd6SdJNJ63ahuoo2/2rZpd3GAA29gp4DVZkK5lp9CmUlXMAkK:gPDPnlFbN6yj63ahXo2/0wAABmViQD9s

Score

10^/10

blackmoon aspackv2 banker trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

657e19240ee4616395212673c1157cc40cceebbdae1f360ab9d919ed1ffae200.exe

Resource

win7-20240220-en

blackmoon aspackv2 banker trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

657e19240ee4616395212673c1157cc40cceebbdae1f360ab9d919ed1ffae200.exe

Resource

win10v2004-20240508-en

blackmoon aspackv2 banker trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  657e19240ee4616395212673c1157cc40cceebbdae1f360ab9d919ed1ffae200.exe
- Size
  
  8.4MB
- MD5
  
  65144756960be44e2260648ca49df210
- SHA1
  
  913aeeeb2f6cdf68561cd092d467437072f73e63
- SHA256
  
  657e19240ee4616395212673c1157cc40cceebbdae1f360ab9d919ed1ffae200
- SHA512
  
  b56a13a10bd36c98f1d7f16702b72fe04acb65417c2442c9965dde550deadf00ec0675fc18dd8e74aa30bb693a392aade00978f99ea1b9d8db63178af2980984
- SSDEEP
  
  196608:PYPDPyklrNDbtXRd6SdJNJ63ahuoo2/2rZpd3GAA29gp4DVZkK5lp9CmUlXMAkK:gPDPnlFbN6yj63ahXo2/0wAABmViQD9s
Score

10^/10

blackmoon aspackv2 banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonaspackv2bankertrojan

behavioral2

blackmoonaspackv2bankertrojan

© 2018-2024

Terms | Privacy