blackmoon | 12df6d028773d3b6c5feec03f7a5eea62117121c4896df1504ff0d0377570446 | Triage

Submit
Reports

Overview

overview

Static

static

3

10d8bcf7e4...0N.exe

windows7-x64

10d8bcf7e4...0N.exe

windows10-2004-x64

Sharing

General

Target

10d8bcf7e4090a921c0abf5879e22da0N.exe
Size

192KB
Sample

240726-qex5xazclj
MD5

10d8bcf7e4090a921c0abf5879e22da0
SHA1

594904a707bc4979e9ab0dff6b5f448f36c8dfb2
SHA256

12df6d028773d3b6c5feec03f7a5eea62117121c4896df1504ff0d0377570446
SHA512

8c77f43bd5b4a7812b584d728e1b9d428a413d69259a31c641c81b7daee7208878bccfd808d74f53bad192c9e5981865a3eac46d2fdd0907c345c14528371e8f
SSDEEP

1536:/s2OpUqBA6pkuTHQ0cIrf+7LYsF03RYSYhM9l8yDI15XygDiuuuuuH:/ImRWTTpc627LXFm6+9l8nygDiuuuuuH

Score

10^/10

blackmoon banker discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

10d8bcf7e4090a921c0abf5879e22da0N.exe

Resource

win7-20240708-en

blackmoon banker discovery trojan

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

10d8bcf7e4090a921c0abf5879e22da0N.exe

Resource

win10v2004-20240709-en

blackmoon banker discovery trojan

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Targets

- Target
  
  10d8bcf7e4090a921c0abf5879e22da0N.exe
- Size
  
  192KB
- MD5
  
  10d8bcf7e4090a921c0abf5879e22da0
- SHA1
  
  594904a707bc4979e9ab0dff6b5f448f36c8dfb2
- SHA256
  
  12df6d028773d3b6c5feec03f7a5eea62117121c4896df1504ff0d0377570446
- SHA512
  
  8c77f43bd5b4a7812b584d728e1b9d428a413d69259a31c641c81b7daee7208878bccfd808d74f53bad192c9e5981865a3eac46d2fdd0907c345c14528371e8f
- SSDEEP
  
  1536:/s2OpUqBA6pkuTHQ0cIrf+7LYsF03RYSYhM9l8yDI15XygDiuuuuuH:/ImRWTTpc627LXFm6+9l8nygDiuuuuuH
Score

10^/10

blackmoon banker discovery trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojan

behavioral2

blackmoonbankerdiscoverytrojan

© 2018-2024

Terms | Privacy