General

  • Target

    b0e84ed89cc8acf538542824d322d5bc91f893324489331430eb54af39fc2ef4N.exe

  • Size

    357KB

  • Sample

    241219-j1qvdswrap

  • MD5

    aefeb74729763b0a94dd5710b8101560

  • SHA1

    c496cd8ffe2214bcd20fb232c90e00f9567435e1

  • SHA256

    b0e84ed89cc8acf538542824d322d5bc91f893324489331430eb54af39fc2ef4

  • SHA512

    14ee7f16588ab5ecc3f59648382ba8571dff2913d01c852fffb656da0f5e72436ac4ebe8338e04dd3aaa00a79eb335e9f76f73aaea0fab493bc0ec8ff5d6b620

  • SSDEEP

    6144:mvk3Q5ibjnNuuXckaL7pbRBkce97aw/N4L7oJ:mvMQ5ibjnwka3pbRC19Gw/NsoJ

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks