blackmoon | 0c0233485fb1b4a83c8e73d889f2bd21c5b4271b63e8343625412d97cf6ddc81 | Triage

Submit
Reports

Overview

overview

Static

static

0c0233485f...81.exe

windows7-x64

0c0233485f...81.exe

windows10-2004-x64

Sharing

General

Target

0c0233485fb1b4a83c8e73d889f2bd21c5b4271b63e8343625412d97cf6ddc81.exe
Size

676KB
Sample

240726-qv4mma1bqj
MD5

bd8f6a68e9bab31cab60ac88fd307310
SHA1

4c6ca10b196448fd85d7979b15dda32ba23e2417
SHA256

0c0233485fb1b4a83c8e73d889f2bd21c5b4271b63e8343625412d97cf6ddc81
SHA512

199ac6702c5f6bb8460ff5ba3484aa1cf3455393aa9ab9ccc863571ed3a6e7b6ef335f8a7bf925f020e501f664c4561fdaa4f49a5962d712d496ad114e9af8a3
SSDEEP

12288:bg8fK/r8bYZYCtOhzodMDPStM8ePO2S4McLs:c8Gr8bYeCtOhzo6D2MG2Js

Score

10^/10

blackmoon aspackv2 banker discovery persistence trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

0c0233485fb1b4a83c8e73d889f2bd21c5b4271b63e8343625412d97cf6ddc81.exe

Resource

win7-20240705-en

blackmoon aspackv2 banker discovery persistence trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

0c0233485fb1b4a83c8e73d889f2bd21c5b4271b63e8343625412d97cf6ddc81.exe

Resource

win10v2004-20240709-en

blackmoon aspackv2 banker discovery persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  0c0233485fb1b4a83c8e73d889f2bd21c5b4271b63e8343625412d97cf6ddc81.exe
- Size
  
  676KB
- MD5
  
  bd8f6a68e9bab31cab60ac88fd307310
- SHA1
  
  4c6ca10b196448fd85d7979b15dda32ba23e2417
- SHA256
  
  0c0233485fb1b4a83c8e73d889f2bd21c5b4271b63e8343625412d97cf6ddc81
- SHA512
  
  199ac6702c5f6bb8460ff5ba3484aa1cf3455393aa9ab9ccc863571ed3a6e7b6ef335f8a7bf925f020e501f664c4561fdaa4f49a5962d712d496ad114e9af8a3
- SSDEEP
  
  12288:bg8fK/r8bYZYCtOhzodMDPStM8ePO2S4McLs:c8Gr8bYeCtOhzo6D2MG2Js
Score

10^/10

blackmoon aspackv2 banker discovery persistence trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Sets service image path in registry
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackmoonaspackv2bankerdiscoverypersistencetrojan

behavioral2

blackmoonaspackv2bankerdiscoverypersistencetrojan

© 2018-2024

Terms | Privacy