blackmoon | d1392d5f083a1c106cb407e74da0bb5018006c7138fe21dd434283cd0e8f514f

General

Target

2024-07-26_701831591cfa6610f4cf37d91ce1f267_icedid_poet-rat_sakula
Size

25.5MB
Sample

240726-xd3sbsxdqj
MD5

701831591cfa6610f4cf37d91ce1f267
SHA1

f94d78fc6fcf6816ab2240ec3eca5d4d15127423
SHA256

d1392d5f083a1c106cb407e74da0bb5018006c7138fe21dd434283cd0e8f514f
SHA512

973f304afe7481dc10b8aace95de32a4b11262b8c48a0d501e4615c45ed1517f3ae4b6ebcdac3350837a09b097fd510de1539aec5cbd56bea7666881b942c287
SSDEEP

196608:5QGuzijFtvhGPKUrLcJBag9FMqFB7l4lxWJGDWe1UwfjPvn8H6Mr1YXH+:9BFjGP/rLc/aGWwC6yWjwDn8HFr6XH

Score

10^/10

Malware Config

Targets

- Target
  
  2024-07-26_701831591cfa6610f4cf37d91ce1f267_icedid_poet-rat_sakula
- Size
  
  25.5MB
- MD5
  
  701831591cfa6610f4cf37d91ce1f267
- SHA1
  
  f94d78fc6fcf6816ab2240ec3eca5d4d15127423
- SHA256
  
  d1392d5f083a1c106cb407e74da0bb5018006c7138fe21dd434283cd0e8f514f
- SHA512
  
  973f304afe7481dc10b8aace95de32a4b11262b8c48a0d501e4615c45ed1517f3ae4b6ebcdac3350837a09b097fd510de1539aec5cbd56bea7666881b942c287
- SSDEEP
  
  196608:5QGuzijFtvhGPKUrLcJBag9FMqFB7l4lxWJGDWe1UwfjPvn8H6Mr1YXH+:9BFjGP/rLc/aGWwC6yWjwDn8HFr6XH
Score

10^/10

blackmoon banker discovery trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blackmoon, KrBanker

Detect Blackmoon payload

ACProtect 1.3x - 1.4x DLL software

Checks computer location settings

Deletes itself

Drops startup file

Executes dropped EXE

Loads dropped DLL

UPX packed file

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2