blackmoon | fcf54eaf0f05dae2521ce9a53b67a0ac8a72c98f9f8b25a9258fbe1261f0be5e | Triage

Submit
Reports

Overview

overview

Static

static

tfd.zip

windows11-21h2-x64

Resubmissions

22-12-2024 05:16

241222-fygbdsvnft 10

22-12-2024 05:11

241222-fvgsravpen 10

22-12-2024 05:11

241222-fvapfavmfw 10

22-12-2024 05:10

241222-ft1t8svmet 10

22-12-2024 05:08

241222-fsntaavnhr 10

22-12-2024 05:05

241222-fq43gsvndj 10

22-12-2024 04:38

241222-e9fzbstnbs 10

Sharing

General

Target

tfd.zip
Size

6.6MB
Sample

241222-fvgsravpen
MD5

44da30588e79926aa259c03796820e6d
SHA1

37bc83fe0487e8c1f7f309983af78a3b3dab24f2
SHA256

fcf54eaf0f05dae2521ce9a53b67a0ac8a72c98f9f8b25a9258fbe1261f0be5e
SHA512

1ff5a5e9f840fdf7713375c9294149f5265d1b09645eb00c2cc2d1ed07847a7bc990cc3aca8aaaf4205f9415153f9563be630268d28335a85bd1808cba3d8e0d
SSDEEP

98304:Nkm/OuBU0P2VJEgdGuTzUlD4JWX++gLCrK6UjqHiL7y3qF+Ok+K6QppKOU:KmWXXEgEuTzcOpuGDqCK3q0Xkt

Score

10^/10

blackmoon banker discovery trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

tfd.zip

Resource

win11-20241007-en

blackmoon banker discovery trojan

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  tfd.zip
- Size
  
  6.6MB
- MD5
  
  44da30588e79926aa259c03796820e6d
- SHA1
  
  37bc83fe0487e8c1f7f309983af78a3b3dab24f2
- SHA256
  
  fcf54eaf0f05dae2521ce9a53b67a0ac8a72c98f9f8b25a9258fbe1261f0be5e
- SHA512
  
  1ff5a5e9f840fdf7713375c9294149f5265d1b09645eb00c2cc2d1ed07847a7bc990cc3aca8aaaf4205f9415153f9563be630268d28335a85bd1808cba3d8e0d
- SSDEEP
  
  98304:Nkm/OuBU0P2VJEgdGuTzUlD4JWX++gLCrK6UjqHiL7y3qF+Ok+K6QppKOU:KmWXXEgEuTzcOpuGDqCK3q0Xkt
Score

10^/10

blackmoon banker discovery trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Blocklisted process makes network request
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojan

© 2018-2024

Terms | Privacy