blackmoon | fcf54eaf0f05dae2521ce9a53b67a0ac8a72c98f9f8b25a9258fbe1261f0be5e | Triage

Resubmissions

22-12-2024 05:16

241222-fygbdsvnft 10

22-12-2024 05:11

241222-fvgsravpen 10

22-12-2024 05:11

241222-fvapfavmfw 10

22-12-2024 05:10

241222-ft1t8svmet 10

22-12-2024 05:08

241222-fsntaavnhr 10

22-12-2024 05:05

241222-fq43gsvndj 10

22-12-2024 04:38

241222-e9fzbstnbs 10

Sharing

General

Target

tfd.zip
Size

6.6MB
Sample

241222-fvapfavmfw
MD5

44da30588e79926aa259c03796820e6d
SHA1

37bc83fe0487e8c1f7f309983af78a3b3dab24f2
SHA256

fcf54eaf0f05dae2521ce9a53b67a0ac8a72c98f9f8b25a9258fbe1261f0be5e
SHA512

1ff5a5e9f840fdf7713375c9294149f5265d1b09645eb00c2cc2d1ed07847a7bc990cc3aca8aaaf4205f9415153f9563be630268d28335a85bd1808cba3d8e0d
SSDEEP

98304:Nkm/OuBU0P2VJEgdGuTzUlD4JWX++gLCrK6UjqHiL7y3qF+Ok+K6QppKOU:KmWXXEgEuTzcOpuGDqCK3q0Xkt

Score

10^/10

blackmoon banker discovery trojan

Malware Config

Targets

- Target
  
  GF.DATA
- Size
  
  6.9MB
- MD5
  
  c6e29164ff238c1f3a538722c7ab9871
- SHA1
  
  8e3c981e9dcd9d71c2128811652b4a62acd2622b
- SHA256
  
  4848cd7fd555e5551d94a1b8df19d19a9cf65727c0d8badbe2457516ee19ead7
- SHA512
  
  f9e736d37d83ad38255e22ec282ca6d137471a640981f5bcd039d04ddd3151e4036920d3d182230d1f442f8410ebdc4dc8ef95f7264450a517c4fa9ad3308a31
- SSDEEP
  
  196608:2r05756bdjFOVhF22yMRTvBmmzIzCMRo:2FdjUVhacB1sJRo
Score

10^/10

blackmoon banker discovery trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Blocklisted process makes network request
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  run me as admin.bat
- Size
  
  111B
- MD5
  
  32ebd1b51e027f5eb86c7cd3bf98f661
- SHA1
  
  9f94f463b0c60e73cb6d9a221feb86da05bf5582
- SHA256
  
  49941008e16ca6b79cc4949da034da2696d7f78d6664b74afcd11902eb76c3c9
- SHA512
  
  4540c9d9ea0e58e889d29d50cb22bb4e0d5c401475127c529d9abacf9ea0c3a9aa8b22ca1b13fd6da98f0452b8e7d22111b59bc520b57601e3d6e606c0d48b35
Score

10^/10

blackmoon banker discovery trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Blocklisted process makes network request
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojan

behavioral2

blackmoonbankerdiscoverytrojan