General

  • Target

    3068c17ad51cf407433cc89e71b9190e7fcd8c82f914785c0e9487d24de61b20

  • Size

    2.6MB

  • Sample

    241220-3fagfswpgy

  • MD5

    ee93f85ebd4faadb04fc34a3d7321a4e

  • SHA1

    0ef87a6904b5f0668a66a12521f1737971c6bcee

  • SHA256

    3068c17ad51cf407433cc89e71b9190e7fcd8c82f914785c0e9487d24de61b20

  • SHA512

    8479b6b67727e3fe76cb6b9dc99d9c8cfee57ec24a14e5fce5fb477bcdc60b51db72055843e1f6c7a7c717e04241b5fe257b85ca0dba681e60ea1a6f2216b5d1

  • SSDEEP

    49152:Mp6qkpHtyyj+KmfFYEMGjHOcI0zVGrlHOFhVcpP4Ru040vSwK:YQt1Lmf/HlFVGrlH2s4Ru040a

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
