blackmoon | 21e9dae31345de68175b0cbc8aaf149cf4e86f9e0f11ef5bbef1af75f95b4226 | Triage

Submit
Reports

Overview

overview

Static

static

3

21e9dae313...26.exe

windows7-x64

21e9dae313...26.exe

windows10-2004-x64

Sharing

General

Target

21e9dae31345de68175b0cbc8aaf149cf4e86f9e0f11ef5bbef1af75f95b4226
Size

7.1MB
Sample

241121-z1ys1aslhl
MD5

20deba2f6b306c1970f26bbdf0b0ef2a
SHA1

8ccbba8d4875ba8c9dd4213ef920068e6795d4f3
SHA256

21e9dae31345de68175b0cbc8aaf149cf4e86f9e0f11ef5bbef1af75f95b4226
SHA512

1b79e7f228ad4cec7448e0205d5f71114631481d9c13f189c0758fae30acb33575f14789741480f6e17475fba23414e85ff6b71d6e2a51ebe0b1b2dbfbd8ca32
SSDEEP

98304:Y8MRf8O229UQA/jrXJGkGezFCAM7BuyZV0SRx0p2PauQE22kMqhJ2hG8LD173:Y82829Wj7JGiFDSjn0p2UrhJCG8tL

Score

10^/10

blackmoon banker discovery trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

21e9dae31345de68175b0cbc8aaf149cf4e86f9e0f11ef5bbef1af75f95b4226.exe

Resource

win7-20241010-en

blackmoon banker discovery trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

21e9dae31345de68175b0cbc8aaf149cf4e86f9e0f11ef5bbef1af75f95b4226.exe

Resource

win10v2004-20241007-en

blackmoon banker discovery trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  21e9dae31345de68175b0cbc8aaf149cf4e86f9e0f11ef5bbef1af75f95b4226
- Size
  
  7.1MB
- MD5
  
  20deba2f6b306c1970f26bbdf0b0ef2a
- SHA1
  
  8ccbba8d4875ba8c9dd4213ef920068e6795d4f3
- SHA256
  
  21e9dae31345de68175b0cbc8aaf149cf4e86f9e0f11ef5bbef1af75f95b4226
- SHA512
  
  1b79e7f228ad4cec7448e0205d5f71114631481d9c13f189c0758fae30acb33575f14789741480f6e17475fba23414e85ff6b71d6e2a51ebe0b1b2dbfbd8ca32
- SSDEEP
  
  98304:Y8MRf8O229UQA/jrXJGkGezFCAM7BuyZV0SRx0p2PauQE22kMqhJ2hG8LD173:Y82829Wj7JGiFDSjn0p2UrhJCG8tL
Score

10^/10

blackmoon banker discovery trojan upx
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanupx

behavioral2

blackmoonbankerdiscoverytrojanupx

© 2018-2024

Terms | Privacy