General

  • Target

    2024-09-27_74963de58f863553d29885b7c88a1e71_magniber

  • Size

    14.2MB

  • Sample

    240927-g7rn6ascpg

  • MD5

    74963de58f863553d29885b7c88a1e71

  • SHA1

    11606e31eea1aaaf2aead78e173c493dd1c5f27b

  • SHA256

    bc7699bff0a4297edcdc3b9d37f107d9f521ef87fa23aa81337fcea52e96357a

  • SHA512

    939072c17bf3555a735a9cc3720aa51b54027267ccea8a6fc969bd68aa5919e4d8d2aa75d89353b9732e7e69bb82e6f508988abb1df5f8c26f3f02a5177134ef

  • SSDEEP

    98304:OGwqwpAEdmDbNdL2WQljnUZxlKzS6I+Y0EjT9s9o36:rDbNdiUxlKzY0EjTC

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
