General

  • Target

    00a5475b60ecbaa8337291e95f80b852e9f122914233fcafdb4cbbc7029feaec

  • Size

    87KB

  • Sample

    241012-wsgyqstepb

  • MD5

    c7d17b278d95ff3dea74f0720e4da195

  • SHA1

    7ee6c911db619a024b78925a40cf15798adaaeba

  • SHA256

    00a5475b60ecbaa8337291e95f80b852e9f122914233fcafdb4cbbc7029feaec

  • SHA512

    55b9ab35b6b4ca417427a5a1fa1d953f26efd5fcbef186f52cdf2e5ef9b100e68f2561f69a7ca4f98ed54ca7398000233479c0368b62421897d6fd9bbe181a41

  • SSDEEP

    1536:z4hkM3Yz8wMZhUD2XsjEQWOSkE+Ct6WKBex3GWU5FkWp+AmQwKGSMdH+002I3/iQ:Mq6OLM3QasY5Ft71fqWWp+efGftm2I37

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks