General

  • Target

    ec496f1f26f8a345a685296006d64696d41895848c499c831f30e7b370a7584c

  • Size

    1.1MB

  • Sample

    240614-qhlw2swcjj

  • MD5

    ad42d7bc215d988b8bf99ef77bd45b32

  • SHA1

    0e8f5841044f9d80b4a821dbfbea46597a560982

  • SHA256

    ec496f1f26f8a345a685296006d64696d41895848c499c831f30e7b370a7584c

  • SHA512

    8e800d46f7557032c287b291f925d8f7e719ec8727ad79eb01a2d4310264b3e40f888fae3898bbcd17bdd82cf7686c390342a1ad71a32fe4691cf788f12b1c71

  • SSDEEP

    24576:MJr8tE+GZeFW4zyw0CxHqiGOw0CN4zpaVXcpd6CBiC:MJ4UA3LPes

Score
10/10

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
