General

  • Target

    06256cc16fda60f7b732a445840034d0cee4d96d29499cc3928206cda0ee1b58.exe

  • Size

    366KB

  • Sample

    241217-lzm38axnej

  • MD5

    82b4372b1c0d11728fc000a363773b95

  • SHA1

    f1d2a0c83ede14e63026210e6556b3f1da7f86a8

  • SHA256

    06256cc16fda60f7b732a445840034d0cee4d96d29499cc3928206cda0ee1b58

  • SHA512

    6ed6f3b0e22bdcd89a8bd8ebecfea9abfe2e3a96b9d25c7f59d0e7ef4f0b286659a643bdb9a274698b0b38d4a0926b2771df66504b2ab168f0874b61fec45d96

  • SSDEEP

    6144:BSfSHl+gv5gY1F53Aul/Egv4+E6qnwEGvIkJ7G9P1k:B2SHl+gv5gY1b5Eo4+EsEEIkJ7G9P1k
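The four digests above identify one file; a practitioner checking a local sample against them wants all four computed in a single pass rather than four reads of the file. The script below is an example added to this page, not part of the sandbox report: it hashes a stream chunk by chunk with every listed algorithm at once and reports which of the report's indicators match. The report values are copied verbatim; the input used in the self-check is a constructed byte string, since the sample itself is not on this page. SSDEEP is left out because Python's standard library has no fuzzy-hash implementation.

```python
"""Single-pass MD5/SHA1/SHA256/SHA512 of a file, matched against the indicators
listed in this sandbox report. Example code added to the page, not the report's
own tooling. ssdeep is omitted (needs a third-party library)."""
import hashlib
import io

# Indicator values copied from the report above (the sample itself is not available here).
REPORT_IOCS = {
    "md5": "82b4372b1c0d11728fc000a363773b95",
    "sha1": "f1d2a0c83ede14e63026210e6556b3f1da7f86a8",
    "sha256": "06256cc16fda60f7b732a445840034d0cee4d96d29499cc3928206cda0ee1b58",
    "sha512": "6ed6f3b0e22bdcd89a8bd8ebecfea9abfe2e3a96b9d25c7f59d0e7ef4f0b286659a643bdb9a274698b0b38d4a0926b2771df66504b2ab168f0874b61fec45d96",
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def multihash(stream, chunk_size=1 << 20):
    """Read the stream once and feed every chunk to all hashers; returns {algo: hexdigest}.
    Chunking keeps memory flat for large binaries and gives identical digests
    regardless of chunk size."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path):
    with open(path, "rb") as fh:
        return multihash(fh)


def match_iocs(digests, iocs=REPORT_IOCS):
    """Names of the algorithms whose digest equals the report's value.
    Comparison is case-insensitive so hashes pasted in upper case still match.
    Treat an MD5-only hit as weak evidence (MD5 collisions are practical);
    a SHA256 or SHA512 match is decisive."""
    return sorted(a for a in ALGOS if digests[a].lower() == iocs.get(a, "").lower())


if __name__ == "__main__":
    import sys
    for sample in sys.argv[1:]:
        d = hash_file(sample)
        print(sample, d["sha256"], "matches:", match_iocs(d) or "none")
```

Run it as `python hashcheck.py <file>`; an empty match list means the file is not the sample this report describes, whatever its name.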

Malware Config

Targets

    • Target

      06256cc16fda60f7b732a445840034d0cee4d96d29499cc3928206cda0ee1b58.exe

    • Size

      366KB

    • MD5

      82b4372b1c0d11728fc000a363773b95

    • SHA1

      f1d2a0c83ede14e63026210e6556b3f1da7f86a8

    • SHA256

      06256cc16fda60f7b732a445840034d0cee4d96d29499cc3928206cda0ee1b58

    • SHA512

      6ed6f3b0e22bdcd89a8bd8ebecfea9abfe2e3a96b9d25c7f59d0e7ef4f0b286659a643bdb9a274698b0b38d4a0926b2771df66504b2ab168f0874b61fec45d96

    • SSDEEP

      6144:BSfSHl+gv5gY1F53Aul/Egv4+E6qnwEGvIkJ7G9P1k:B2SHl+gv5gY1b5Eo4+EsEEIkJ7G9P1k

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL
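The four behavioural signatures above (registry country-code lookup, self-deletion, execution of a dropped EXE, loading of a dropped DLL) are all derivable from a process and API trace. The script below is an example added to this page and is not the sandbox's own signature logic: it parses a constructed, simplified key=value trace (not real sandbox output) and flags each behaviour. The registry locations it treats as "country code" (the `Geo\Nation` and `sCountry` values under `Control Panel\International`, and the NLS `Language` key) are an assumption, since the report does not say which key the sample reads. Note that Sysmon does not record registry value reads, so a geofence lookup of this kind is only visible in API-level tracing.

```python
"""Flag the behaviours listed in this report in a process/API trace:
geofence registry read, dropped-EXE execution, dropped-DLL load, self-deletion.
Example code added to this page; it is neither the sandbox's detection logic nor
the sample's code. The trace is constructed and the registry keys are assumed."""
import re
from collections import defaultdict

# Constructed trace in a simple key=value format (not real sandbox output).
TRACE = r'''
pid=1234 image=C:\Users\victim\Desktop\sample.exe api=RegQueryValueExW key="HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"
pid=1234 image=C:\Users\victim\Desktop\sample.exe api=NtWriteFile path=C:\Users\victim\AppData\Local\Temp\svchst.exe
pid=1234 image=C:\Users\victim\Desktop\sample.exe api=CreateProcessW path=C:\Users\victim\AppData\Local\Temp\svchst.exe
pid=5678 image=C:\Users\victim\AppData\Local\Temp\svchst.exe api=NtWriteFile path=C:\Users\victim\AppData\Local\Temp\core.dll
pid=5678 image=C:\Users\victim\AppData\Local\Temp\svchst.exe api=LdrLoadDll path=C:\Users\victim\AppData\Local\Temp\core.dll
pid=5678 image=C:\Users\victim\AppData\Local\Temp\svchst.exe api=LdrLoadDll path=C:\Windows\System32\wininet.dll
pid=1234 image=C:\Users\victim\Desktop\sample.exe api=CreateProcessW path=C:\Windows\System32\cmd.exe cmdline="cmd.exe /c ping 127.0.0.1 -n 3 & del /f /q C:\Users\victim\Desktop\sample.exe"
'''

# Assumed registry locations of the configured country code (not stated in the report).
COUNTRY_KEYS = (
    r"control panel\international\geo\nation",
    r"control panel\international\scountry",
    r"system\currentcontrolset\control\nls\language",
)
REG_READ_APIS = {"RegQueryValueExA", "RegQueryValueExW", "RegGetValueW", "NtQueryValueKey"}
FILE_WRITE_APIS = {"NtWriteFile", "WriteFile"}
DLL_LOAD_APIS = {"LdrLoadDll", "LoadLibraryW", "LoadLibraryExW"}
DELETE_APIS = {"DeleteFileW", "NtDeleteFile"}

# key=value pairs; a value containing spaces is double-quoted.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_trace(text):
    """One dict per non-empty line, e.g. {'pid': '1234', 'image': ..., 'api': ...}."""
    events = []
    for line in text.strip().splitlines():
        fields = {k: (quoted or bare) for k, quoted, bare in FIELD_RE.findall(line)}
        if fields:
            events.append(fields)
    return events


def norm(p):
    """Windows paths and keys are case-insensitive, so compare in lower case."""
    return p.lower()


def detect(events):
    """Map signature name -> list of evidence strings, in trace order."""
    hits = defaultdict(list)
    dropped = set()  # every path written by a traced process so far
    for ev in events:
        api = ev.get("api", "")
        image = norm(ev.get("image", ""))
        path = norm(ev.get("path", ""))
        if api in REG_READ_APIS and any(k in norm(ev.get("key", "")) for k in COUNTRY_KEYS):
            hits["checks_computer_location_settings"].append(ev["key"])
        elif api in FILE_WRITE_APIS and path:
            dropped.add(path)
        elif api == "CreateProcessW":
            if path in dropped:
                hits["executes_dropped_exe"].append(ev["path"])
            cmd = norm(ev.get("cmdline", ""))
            # Self-deletion via a child shell: "del <own image>" (ping is the usual delay).
            if re.search(r"\bdel\b|\berase\b", cmd) and image in cmd:
                hits["deletes_itself"].append(ev["cmdline"])
        elif api in DELETE_APIS and path == image:
            hits["deletes_itself"].append(ev["path"])
        elif api in DLL_LOAD_APIS and path in dropped:
            hits["loads_dropped_dll"].append(ev["path"])
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in detect(parse_trace(TRACE)).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The dropped-file set is built from writes by any traced process, so a DLL written by the second-stage EXE and loaded by it is still attributed; the system `wininet.dll` load is ignored because nothing in the trace wrote it. Direct `DeleteFileW` on the running image fails on Windows, which is why the self-delete usually goes through a delayed `cmd /c del` as in the constructed trace.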

MITRE ATT&CK Enterprise v15

Tasks