blackmoon | 04b805cf84894e496013042cb5b6b8127f7fa53cac3413164d16cd1bafbd5a3d | Triage

Submit
Reports

Overview

overview

Static

static

7

6d95c6e48c...18.exe

windows7-x64

6d95c6e48c...18.exe

windows10-2004-x64

Sharing

General

Target

6d95c6e48c7115fa3f2b9b4c55721dde_JaffaCakes118
Size

364KB
Sample

241023-hpsdeayejk
MD5

6d95c6e48c7115fa3f2b9b4c55721dde
SHA1

a6fba164e026bb2ff326ffee12391ab1cd263e2b
SHA256

04b805cf84894e496013042cb5b6b8127f7fa53cac3413164d16cd1bafbd5a3d
SHA512

13467e0a17469ad6087eed60ef91b9853a47e6da8663f11535c29591d11a127926808ed2bb0128c417f7659f43a02ad7f48badf008d2521b9b1bf437226db279
SSDEEP

6144:kRt1iwXgCFU+2Abuu86yZsnHeft76/7lT0VUByHoT6jMbIDvmm1V3S1N:kziwj2ussHqt760CVb7m16

Score

10^/10

blackmoon banker discovery trojan vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6d95c6e48c7115fa3f2b9b4c55721dde_JaffaCakes118.exe

Resource

win7-20240708-en

blackmoon banker discovery trojan vmprotect

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

6d95c6e48c7115fa3f2b9b4c55721dde_JaffaCakes118.exe

Resource

win10v2004-20241007-en

blackmoon banker discovery trojan vmprotect

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  6d95c6e48c7115fa3f2b9b4c55721dde_JaffaCakes118
- Size
  
  364KB
- MD5
  
  6d95c6e48c7115fa3f2b9b4c55721dde
- SHA1
  
  a6fba164e026bb2ff326ffee12391ab1cd263e2b
- SHA256
  
  04b805cf84894e496013042cb5b6b8127f7fa53cac3413164d16cd1bafbd5a3d
- SHA512
  
  13467e0a17469ad6087eed60ef91b9853a47e6da8663f11535c29591d11a127926808ed2bb0128c417f7659f43a02ad7f48badf008d2521b9b1bf437226db279
- SSDEEP
  
  6144:kRt1iwXgCFU+2Abuu86yZsnHeft76/7lT0VUByHoT6jMbIDvmm1V3S1N:kziwj2ussHqt760CVb7m16
Score

10^/10

blackmoon banker discovery trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanvmprotect

behavioral2

blackmoonbankerdiscoverytrojanvmprotect

© 2018-2024

Terms | Privacy