Overview

overview

10

Static

static

1

i4.msi

windows7-x64

6

i4.msi

windows10-2004-x64

10

Resubmissions

22/11/2024, 05:12

241122-fv4mhs1kgp 10

19/11/2024, 04:06

241119-epln3szmft 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    i4.msi.vir

  • Size

    414.8MB

  • Sample

    241119-epln3szmft

  • MD5

    5458ded6540ceaa02e7c1b74b38fa8ba

  • SHA1

    77f63bfb0c37b76005b9105e3544a63dd2240f77

  • SHA256

    7f7abbdbd82cc7e2142636e764b13547bd1e309221693a9e3d1ceab5299c0af6

  • SHA512

    cac691c9c69e6db69e4e9d16a60aa9e01f2cf6f2fc7bafc15b9ba88d13dc0bcfb2f966e9e7b888aafa547cb49f2ca6df625fe555b6eb6d757e30aa601ea8feec

  • SSDEEP

    12582912:kGJfvUrxERbTpxS6bJSPeXi2ffucxlgJIerR:kGq9Mp9bJSWXi2fpxOIerR

Score
10/10
blackmoonbankerdiscoverypersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      i4.msi.vir

    • Size

      414.8MB

    • MD5

      5458ded6540ceaa02e7c1b74b38fa8ba

    • SHA1

      77f63bfb0c37b76005b9105e3544a63dd2240f77

    • SHA256

      7f7abbdbd82cc7e2142636e764b13547bd1e309221693a9e3d1ceab5299c0af6

    • SHA512

      cac691c9c69e6db69e4e9d16a60aa9e01f2cf6f2fc7bafc15b9ba88d13dc0bcfb2f966e9e7b888aafa547cb49f2ca6df625fe555b6eb6d757e30aa601ea8feec

    • SSDEEP

      12582912:kGJfvUrxERbTpxS6bJSPeXi2ffucxlgJIerR:kGq9Mp9bJSWXi2fpxOIerR

    Score
    10/10
    discoverypersistenceprivilege_escalationblackmoonbankertrojan

    • Blackmoon family

      blackmoon

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks