blackmoon | 479a8e3fe4fe0d22c6fe2527ba47de243ea749d542f274a07a207714781331da | Triage

Submit
Reports

Overview

overview

Static

static

7

479a8e3fe4...da.exe

windows7-x64

479a8e3fe4...da.exe

windows10-2004-x64

Sharing

General

Target

479a8e3fe4fe0d22c6fe2527ba47de243ea749d542f274a07a207714781331da
Size

14.7MB
Sample

240524-mnxnysea28
MD5

5c6fb210d8da691453b79456b560ae90
SHA1

35b5b71cf2fc3293b5cce909b66fb77fa0526f7e
SHA256

479a8e3fe4fe0d22c6fe2527ba47de243ea749d542f274a07a207714781331da
SHA512

aad43980acb0ac3311301b5e7a9df6ccb09a0ebbbd3086730070480aabe7653dccd551cd5a11bd9e1d22dfefc0d789c74457c9233a44ebab928ed59cbb878f46
SSDEEP

393216:gPDP+pGNvLi8oIf73hW3qy/P3i6i84IH7kEjqpYFCC2:Y2pGl6If7RlEjJ4mwEjEUk

Score

10^/10

blackmoon aspackv2 banker trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

479a8e3fe4fe0d22c6fe2527ba47de243ea749d542f274a07a207714781331da.exe

Resource

win7-20240221-en

blackmoon aspackv2 banker trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

479a8e3fe4fe0d22c6fe2527ba47de243ea749d542f274a07a207714781331da.exe

Resource

win10v2004-20240508-en

blackmoon aspackv2 banker trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  479a8e3fe4fe0d22c6fe2527ba47de243ea749d542f274a07a207714781331da
- Size
  
  14.7MB
- MD5
  
  5c6fb210d8da691453b79456b560ae90
- SHA1
  
  35b5b71cf2fc3293b5cce909b66fb77fa0526f7e
- SHA256
  
  479a8e3fe4fe0d22c6fe2527ba47de243ea749d542f274a07a207714781331da
- SHA512
  
  aad43980acb0ac3311301b5e7a9df6ccb09a0ebbbd3086730070480aabe7653dccd551cd5a11bd9e1d22dfefc0d789c74457c9233a44ebab928ed59cbb878f46
- SSDEEP
  
  393216:gPDP+pGNvLi8oIf73hW3qy/P3i6i84IH7kEjqpYFCC2:Y2pGl6If7RlEjJ4mwEjEUk
Score

10^/10

blackmoon aspackv2 banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonaspackv2bankertrojan

behavioral2

blackmoonaspackv2bankertrojan

© 2018-2024

Terms | Privacy