blackmoon | f18b2d9ca2caf1b7b8b1913c886a112e18769c71200bccb5f1cb2be2b034eb76 | Triage

Submit
Reports

Overview

overview

Static

static

f18b2d9ca2...76.exe

windows7-x64

f18b2d9ca2...76.exe

windows10-2004-x64

Sharing

General

Target

f18b2d9ca2caf1b7b8b1913c886a112e18769c71200bccb5f1cb2be2b034eb76.exe
Size

431KB
Sample

240524-nrhvmsfd78
MD5

6f882a62faa48c6722bd0da1b34c26a4
SHA1

e47f36f68f92f6c7e57e92379dd63f84e5f682dd
SHA256

f18b2d9ca2caf1b7b8b1913c886a112e18769c71200bccb5f1cb2be2b034eb76
SHA512

b4c7cd6e25e1a7e909399715bf5a840baf6cfcc2f156d5a1c7a80377f98efb09c646eca9841734afb737ed8182f210fd492899030013c65bb286c45219b8452e
SSDEEP

3072:TVmHpJqu0Vh6jw/fmZmRMpVuWwP5tOcQfgdVqYHKjoS1HwZCFjTPG1UFNE2XCKU4:TcHpJfHElepVuWwP5YcQfg8J+ojCKC+b

Score

10^/10

blackmoon banker trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

f18b2d9ca2caf1b7b8b1913c886a112e18769c71200bccb5f1cb2be2b034eb76.exe

Resource

win7-20240508-en

blackmoon banker trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

f18b2d9ca2caf1b7b8b1913c886a112e18769c71200bccb5f1cb2be2b034eb76.exe

Resource

win10v2004-20240508-en

blackmoon banker trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  f18b2d9ca2caf1b7b8b1913c886a112e18769c71200bccb5f1cb2be2b034eb76.exe
- Size
  
  431KB
- MD5
  
  6f882a62faa48c6722bd0da1b34c26a4
- SHA1
  
  e47f36f68f92f6c7e57e92379dd63f84e5f682dd
- SHA256
  
  f18b2d9ca2caf1b7b8b1913c886a112e18769c71200bccb5f1cb2be2b034eb76
- SHA512
  
  b4c7cd6e25e1a7e909399715bf5a840baf6cfcc2f156d5a1c7a80377f98efb09c646eca9841734afb737ed8182f210fd492899030013c65bb286c45219b8452e
- SSDEEP
  
  3072:TVmHpJqu0Vh6jw/fmZmRMpVuWwP5tOcQfgdVqYHKjoS1HwZCFjTPG1UFNE2XCKU4:TcHpJfHElepVuWwP5YcQfg8J+ojCKC+b
Score

10^/10

blackmoon banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankertrojan

behavioral2

blackmoonbankertrojan

© 2018-2024

Terms | Privacy