Overview

overview

10

Static

static

5

89221a2df9...a6.exe

windows7-x64

10

89221a2df9...a6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    89221a2df9b01e597601935e7358c70810fb352b4c0f3f1760657ca4b27c2ca6

  • Size

    81KB

  • Sample

    241220-dk2n3axnew

  • MD5

    72a1dc2d1f7f7e2e9a7d68bfdc43f4e5

  • SHA1

    81047f2fb16b7285ca7ba17d4bf87a074516b7b8

  • SHA256

    89221a2df9b01e597601935e7358c70810fb352b4c0f3f1760657ca4b27c2ca6

  • SHA512

    cbcd8d07110adfc1f46529e8200a70da07cb9f5b478b27dc4bc469a2cea392c536c3b645b1bbdb16f5b4560c1b27b092fab21f9a5871056eaf1b7102b9fe59af

  • SSDEEP

    1536:+VtjAKqURk0Ex/tIWLSYGc5cmFF+TTdGka2dQe5GrpXLau:CN1qURFY/RLSO5cmFY9GMdKGu

Score
10/10
blackmoonbankerdiscoverytrojanupx

Malware Config

Targets

    • Target

      89221a2df9b01e597601935e7358c70810fb352b4c0f3f1760657ca4b27c2ca6

    • Size

      81KB

    • MD5

      72a1dc2d1f7f7e2e9a7d68bfdc43f4e5

    • SHA1

      81047f2fb16b7285ca7ba17d4bf87a074516b7b8

    • SHA256

      89221a2df9b01e597601935e7358c70810fb352b4c0f3f1760657ca4b27c2ca6

    • SHA512

      cbcd8d07110adfc1f46529e8200a70da07cb9f5b478b27dc4bc469a2cea392c536c3b645b1bbdb16f5b4560c1b27b092fab21f9a5871056eaf1b7102b9fe59af

    • SSDEEP

      1536:+VtjAKqURk0Ex/tIWLSYGc5cmFF+TTdGka2dQe5GrpXLau:CN1qURFY/RLSO5cmFY9GMdKGu

    Score
    10/10
    blackmoonbankerdiscoverytrojanupx

    • Blackmoon family

      blackmoon

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks