blackmoon | aef4b3af74049742715f49a35d2dae9ee9b478e813a9ecaaa59f99dc43799173

General

Target

aef4b3af74049742715f49a35d2dae9ee9b478e813a9ecaaa59f99dc43799173
Size

604KB
Sample

240808-hkr7vavapd
MD5

6fc865494ea46ecfb9a4482e0c072f35
SHA1

e5900d001331bb5069e184e65b8ecf22df8151db
SHA256

aef4b3af74049742715f49a35d2dae9ee9b478e813a9ecaaa59f99dc43799173
SHA512

48695cdc03ff7383df43d726137e3495d9a3671348c4ed7229716e74328ecf7267087192f12afd124014f4bbc922bfb17c81dc12853b98d6649e4814d747c880
SSDEEP

12288:AiHVHaAdSTC6/y3d4FZpYRNe//ypJ0pAiRsTJS/JZvzE61YdqBpHay769uFl6qd3:AiHgqQC6/GijpYRNe//ynRJejrE6VP6Z

Score

10^/10

Malware Config

Targets

- Target
  
  aef4b3af74049742715f49a35d2dae9ee9b478e813a9ecaaa59f99dc43799173
- Size
  
  604KB
- MD5
  
  6fc865494ea46ecfb9a4482e0c072f35
- SHA1
  
  e5900d001331bb5069e184e65b8ecf22df8151db
- SHA256
  
  aef4b3af74049742715f49a35d2dae9ee9b478e813a9ecaaa59f99dc43799173
- SHA512
  
  48695cdc03ff7383df43d726137e3495d9a3671348c4ed7229716e74328ecf7267087192f12afd124014f4bbc922bfb17c81dc12853b98d6649e4814d747c880
- SSDEEP
  
  12288:AiHVHaAdSTC6/y3d4FZpYRNe//ypJ0pAiRsTJS/JZvzE61YdqBpHay769uFl6qd3:AiHgqQC6/GijpYRNe//ynRJejrE6VP6Z
Score

10^/10

blackmoon aspackv2 banker discovery trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blackmoon, KrBanker

Detect Blackmoon payload

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2