General

  • Target

    78039aab990bf932170e0ef08a73923948d7c93389a61fc5fd1f5ee5ca78398a.exe

  • Size

    366KB

  • Sample

    241217-exv8gs1pan

  • MD5

    d38fe2c1df43af863869a2ef1583691e

  • SHA1

    fb90b302b1664840560b2920955f2eff4bccd50c

  • SHA256

    78039aab990bf932170e0ef08a73923948d7c93389a61fc5fd1f5ee5ca78398a

  • SHA512

    19ff4a33ba4648607bdbc5362ed55603b15248bf6fa7491c968c9fbe12fe3b9819d45cb39eaf46db640d8ffa1e29f24f37ad2fe753e509ace63cb21bd372cf59

  • SSDEEP

    6144:BSfSHl+gv5gY1F53Aul/Egv4+E6qnwEGvIkJ7G9P1m:B2SHl+gv5gY1b5Eo4+EsEEIkJ7G9P1m

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL
