blackmoon | f97c0223f7aaa977c35759c07610a4ce153ec259b1caeefdd53204a7e6470ffb | Triage

Submit
Reports

Overview

overview

Static

static

7

f97c0223f7...fb.exe

windows7-x64

f97c0223f7...fb.exe

windows10-2004-x64

Sharing

General

Target

f97c0223f7aaa977c35759c07610a4ce153ec259b1caeefdd53204a7e6470ffb
Size

14.8MB
Sample

240625-sdqqjszckn
MD5

7c2310e2caf1397a700834035873da8e
SHA1

50c8962cccc99a846cd8fb99412d2aca4b28b0ad
SHA256

f97c0223f7aaa977c35759c07610a4ce153ec259b1caeefdd53204a7e6470ffb
SHA512

f167bf67f9c82ecb0c7da95b972895174320aa94f3c1a234493eeefd064a29ee03c2925c16e0e39818534ea9049ec6a765b56a0edc4ce73c6835e1188c6ca344
SSDEEP

393216:gPDPMlFbN6yoNBkExhHDa76y36aqcXG+A1ysSMc4:Y07Uyo/D876vaqJ16x4

Score

10^/10

blackmoon aspackv2 banker trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f97c0223f7aaa977c35759c07610a4ce153ec259b1caeefdd53204a7e6470ffb.exe

Resource

win7-20240611-en

blackmoon aspackv2 banker trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

f97c0223f7aaa977c35759c07610a4ce153ec259b1caeefdd53204a7e6470ffb.exe

Resource

win10v2004-20240611-en

blackmoon aspackv2 banker trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  f97c0223f7aaa977c35759c07610a4ce153ec259b1caeefdd53204a7e6470ffb
- Size
  
  14.8MB
- MD5
  
  7c2310e2caf1397a700834035873da8e
- SHA1
  
  50c8962cccc99a846cd8fb99412d2aca4b28b0ad
- SHA256
  
  f97c0223f7aaa977c35759c07610a4ce153ec259b1caeefdd53204a7e6470ffb
- SHA512
  
  f167bf67f9c82ecb0c7da95b972895174320aa94f3c1a234493eeefd064a29ee03c2925c16e0e39818534ea9049ec6a765b56a0edc4ce73c6835e1188c6ca344
- SSDEEP
  
  393216:gPDPMlFbN6yoNBkExhHDa76y36aqcXG+A1ysSMc4:Y07Uyo/D876vaqJ16x4
Score

10^/10

blackmoon aspackv2 banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonaspackv2bankertrojan

behavioral2

blackmoonaspackv2bankertrojan

© 2018-2025

Terms | Privacy