Overview

overview

10

Static

static

3

2a03d87477...fN.exe

windows7-x64

10

2a03d87477...fN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2a03d87477d5c0a2f84538779b4b6c860067fc0276fe8a810807d8177931bd1fN.exe

  • Size

    86KB

  • Sample

    241126-bepq7swkbv

  • MD5

    49786adf48758c538b278c55bed45a40

  • SHA1

    b8c2fdae1b543ee444de88e97fc9ef6b0b9183f5

  • SHA256

    2a03d87477d5c0a2f84538779b4b6c860067fc0276fe8a810807d8177931bd1f

  • SHA512

    41fa7b18ac05838ea7a7a2885eafadaa09c7087e83fb151479332cb4cbcbeed692706bcb4983389c2b5b4a3d745d15dc5a1dddb877e5ffbe1439d77b8cc7a101

  • SSDEEP

    1536:/s2OpUqBA6pkuTHQ0cIrf+7LYsF03RYSYhM9l8yDI15XygDdDv:/ImRWTTpc627LXFm6+9l8nygDdD

Score
10/10
blackmoonbankerdiscoverytrojan

Malware Config

Targets

    • Target

      2a03d87477d5c0a2f84538779b4b6c860067fc0276fe8a810807d8177931bd1fN.exe

    • Size

      86KB

    • MD5

      49786adf48758c538b278c55bed45a40

    • SHA1

      b8c2fdae1b543ee444de88e97fc9ef6b0b9183f5

    • SHA256

      2a03d87477d5c0a2f84538779b4b6c860067fc0276fe8a810807d8177931bd1f

    • SHA512

      41fa7b18ac05838ea7a7a2885eafadaa09c7087e83fb151479332cb4cbcbeed692706bcb4983389c2b5b4a3d745d15dc5a1dddb877e5ffbe1439d77b8cc7a101

    • SSDEEP

      1536:/s2OpUqBA6pkuTHQ0cIrf+7LYsF03RYSYhM9l8yDI15XygDdDv:/ImRWTTpc627LXFm6+9l8nygDdD

    Score
    10/10
    blackmoonbankerdiscoverytrojan

    • Blackmoon family

      blackmoon

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks