General

  • Target

    2024-07-27_e4c9aba0b40f9f8337be84476d067f08_mafia

  • Size

    1.7MB

  • Sample

    240727-j1v44syerc

  • MD5

    e4c9aba0b40f9f8337be84476d067f08

  • SHA1

    73b51f0b6a81f4776fb92e5e1e2fc842e30615f3

  • SHA256

    186424726695a39af8c33fe930ece32317d43a5a220acf70724182e20d9859e1

  • SHA512

    83326679131439f9fb4628433ae105927d0de16ec1f39fe193135f4b7a0d279bc70285ef6bf0200cd9649a2e699c8d45d12d7bdeadda2168168a70d8c7ab567c

  • SSDEEP

    49152:6+lYMoRzkVMOiMeGP0NaPNcp0sUPYu7UGHMke:Rl7ylGcaepMAOsk

Targets

    • Target

      2024-07-27_e4c9aba0b40f9f8337be84476d067f08_mafia

    • Size

      1.7MB

    • MD5

      e4c9aba0b40f9f8337be84476d067f08

    • SHA1

      73b51f0b6a81f4776fb92e5e1e2fc842e30615f3

    • SHA256

      186424726695a39af8c33fe930ece32317d43a5a220acf70724182e20d9859e1

    • SHA512

      83326679131439f9fb4628433ae105927d0de16ec1f39fe193135f4b7a0d279bc70285ef6bf0200cd9649a2e699c8d45d12d7bdeadda2168168a70d8c7ab567c

    • SSDEEP

      49152:6+lYMoRzkVMOiMeGP0NaPNcp0sUPYu7UGHMke:Rl7ylGcaepMAOsk

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer.

    • Drops startup file

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
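The hashes in the General section and the "UPX packed file" signature are both things an analyst re-checks locally before trusting a report. The following is an added example, not code from the sandbox or from this report: it compares a file's digests against the report's MD5/SHA1/SHA256 values and walks the PE section table looking for the UPX0/UPX1 section names that UPX leaves behind (a cheap stand-in for the sandbox's signature; the actual rule logic is not on the page). The `build_fake_pe` helper, the section-name list and the `looks_upx_packed` name are assumptions made for this example; the constructed file is only a header skeleton, not a loadable image.

```python
"""Static triage helpers: verify a file against the report's hashes and
check the PE section table for UPX section names.  Added example; not part
of the sandbox report."""
import hashlib
import struct

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "e4c9aba0b40f9f8337be84476d067f08",
    "sha1": "73b51f0b6a81f4776fb92e5e1e2fc842e30615f3",
    "sha256": "186424726695a39af8c33fe930ece32317d43a5a220acf70724182e20d9859e1",
}

# Section names written by stock UPX; a custom build may rename them
# (hence the report's "modified UPX" wording), so a miss here proves nothing.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}


def hash_matches_report(data: bytes) -> dict:
    """Return {algorithm: bool} for each digest listed in the report."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == digest
        for algo, digest in REPORT_HASHES.items()
    }


def pe_section_names(data: bytes) -> list:
    """Parse the section table of a PE file and return its section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header after the 4-byte signature: Machine(2) NumberOfSections(2)
    # TimeDateStamp(4) PointerToSymbolTable(4) NumberOfSymbols(4)
    # SizeOfOptionalHeader(2) Characteristics(2)
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * 40          # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table runs past end of file")
        names.append(data[off:off + 8].rstrip(b"\0"))   # Name is the first 8 bytes
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True when any section carries a UPX name."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed test input: MZ stub, PE signature, COFF header with an
    empty optional header, and one 40-byte section header per name.
    Assumption for this example only; it is not a runnable image."""
    names = [n.ljust(8, b"\0")[:8] for n in section_names]
    pe_off = 0x40
    mz = bytearray(pe_off)
    mz[:2] = b"MZ"
    struct.pack_into("<I", mz, 0x3C, pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n + b"\0" * 32 for n in names)
    return bytes(mz) + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    sample = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("sections:", pe_section_names(sample))
    print("UPX section names present:", looks_upx_packed(sample))
    print("matches report hashes:", hash_matches_report(sample))
```

Run it against the real sample with `data = open(path, "rb").read()`; all three hash checks must be True before any of the report's behaviour findings are taken as describing that file. The section-name check is a triage hint only: the sandbox signature may also match on the UPX stub code, and a packer that renames its sections defeats this test.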

MITRE ATT&CK Enterprise v15
