blackmoon | db12041535a38a59fc09b85f67302cbc9859b0f444c5fa677bcfd4f4f3b8e303

General

Target

2024-09-05_88e5f7fcb3a6b6f2ebb54bbdaae394e5_icedid_jrat_sakula
Size

21.3MB
Sample

240905-vznjeswglb
MD5

88e5f7fcb3a6b6f2ebb54bbdaae394e5
SHA1

a1797481b116c8f9d6dbf72b538ec200528a0aa4
SHA256

db12041535a38a59fc09b85f67302cbc9859b0f444c5fa677bcfd4f4f3b8e303
SHA512

c8de757766df4c27f092320f07906886cb3a4e39eea82f9da5abcf0f9555c8eaa9e3c333321e5738066368584c5c2b75528b27bd92a08f833b2c05b0d3ae1aad
SSDEEP

196608:w1zsKFJndotUVMbUJfF7PD2pbJ6VszmYN8jqqw8o3BNYtRlR:WPFJm6VorNk28o3gtRj

Score

10^/10

Malware Config

Targets

- Target
  
  2024-09-05_88e5f7fcb3a6b6f2ebb54bbdaae394e5_icedid_jrat_sakula
- Size
  
  21.3MB
- MD5
  
  88e5f7fcb3a6b6f2ebb54bbdaae394e5
- SHA1
  
  a1797481b116c8f9d6dbf72b538ec200528a0aa4
- SHA256
  
  db12041535a38a59fc09b85f67302cbc9859b0f444c5fa677bcfd4f4f3b8e303
- SHA512
  
  c8de757766df4c27f092320f07906886cb3a4e39eea82f9da5abcf0f9555c8eaa9e3c333321e5738066368584c5c2b75528b27bd92a08f833b2c05b0d3ae1aad
- SSDEEP
  
  196608:w1zsKFJndotUVMbUJfF7PD2pbJ6VszmYN8jqqw8o3BNYtRlR:WPFJm6VorNk28o3gtRj
Score

10^/10

blackmoon banker discovery trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blackmoon, KrBanker

Detect Blackmoon payload

Checks computer location settings

Deletes itself

Drops startup file

Executes dropped EXE

Loads dropped DLL

UPX packed file

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2