Overview

overview

10

Static

static

3

46a16949b6...88.exe

windows7-x64

10

46a16949b6...88.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    46a16949b6c0800cd5f1bf6444fa9923bd7bac3374a7a83f4b45893bdce28e88

  • Size

    568KB

  • Sample

    241002-ezx5vs1apb

  • MD5

    49a5c5eb9586cf6f45d550e3abfd2b4c

  • SHA1

    11b8bd9f8fe57826c77ab4bf1c32113d68667113

  • SHA256

    46a16949b6c0800cd5f1bf6444fa9923bd7bac3374a7a83f4b45893bdce28e88

  • SHA512

    2e1c6e1ff57f061bb96eeb91a19c9c056cf69a28528fb6dc0b49d18a427d2de43f7aa74d354b4e2255a43d193bf8aab01b86572a643296117a73faf15b1b5b10

  • SSDEEP

    6144:07HsN4Hi9M5665NSVtvnUAp4i7UN0AVD4enf62DDoOvKL2qz7:07sN4i4fNotc+C0onf60KVH

Score
10/10
blackmoonbankerdefense_evasiondiscoverypersistencetrojan

Malware Config

Targets

    • Target

      46a16949b6c0800cd5f1bf6444fa9923bd7bac3374a7a83f4b45893bdce28e88

    • Size

      568KB

    • MD5

      49a5c5eb9586cf6f45d550e3abfd2b4c

    • SHA1

      11b8bd9f8fe57826c77ab4bf1c32113d68667113

    • SHA256

      46a16949b6c0800cd5f1bf6444fa9923bd7bac3374a7a83f4b45893bdce28e88

    • SHA512

      2e1c6e1ff57f061bb96eeb91a19c9c056cf69a28528fb6dc0b49d18a427d2de43f7aa74d354b4e2255a43d193bf8aab01b86572a643296117a73faf15b1b5b10

    • SSDEEP

      6144:07HsN4Hi9M5665NSVtvnUAp4i7UN0AVD4enf62DDoOvKL2qz7:07sN4i4fNotc+C0onf60KVH

    Score
    10/10
    blackmoonbankerdiscoverytrojandefense_evasionpersistence

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Indicator Removal: Clear Persistence

      remove IFEO.

      defense_evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks