Overview

overview

10

Static

static

3

09dc3e8bbd...eb.exe

windows7-x64

10

09dc3e8bbd...eb.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    09dc3e8bbd2a073847dab02976cd6f383fac26740127948da2fd6eb7371920eb

  • Size

    10.2MB

  • Sample

    240524-prskhscb61

  • MD5

    b3991b3ab21beae0511ead9c1f1d9da7

  • SHA1

    2eac3c6ab582431b9915cdfa16f25f0f95be22fb

  • SHA256

    09dc3e8bbd2a073847dab02976cd6f383fac26740127948da2fd6eb7371920eb

  • SHA512

    4fe1445aba6f0a1eb0222f3c2b60d8cbd9dc70d648941fa8c6af69917181a547a4296bee57c591cb41e474b363dc9592a3da1038e33a5560153d1cb1829ad784

  • SSDEEP

    49152:i18You03cT8xUGvYD2BXh/KYJESnoX1IwSTnyhtxB+XywheZZXfpd8extOJcCjGe:NtswUG6ShSYs4ybzFhdLOzZYyFpz

Score
10/10
blackmoonbankerpersistencetrojan

Malware Config

Targets

    • Target

      09dc3e8bbd2a073847dab02976cd6f383fac26740127948da2fd6eb7371920eb

    • Size

      10.2MB

    • MD5

      b3991b3ab21beae0511ead9c1f1d9da7

    • SHA1

      2eac3c6ab582431b9915cdfa16f25f0f95be22fb

    • SHA256

      09dc3e8bbd2a073847dab02976cd6f383fac26740127948da2fd6eb7371920eb

    • SHA512

      4fe1445aba6f0a1eb0222f3c2b60d8cbd9dc70d648941fa8c6af69917181a547a4296bee57c591cb41e474b363dc9592a3da1038e33a5560153d1cb1829ad784

    • SSDEEP

      49152:i18You03cT8xUGvYD2BXh/KYJESnoX1IwSTnyhtxB+XywheZZXfpd8extOJcCjGe:NtswUG6ShSYs4ybzFhdLOzZYyFpz

    Score
    10/10
    blackmoonbankerpersistencetrojan

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • Adds policy Run key to start application

      persistence

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks