blackmoon | 3e632ebb9573c1d1f5b0c2b7a679728c9ce595e0a6faf0c59463552ef61243d0

Analysis

max time kernel
111s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2024 21:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e632ebb9573c1d1f5b0c2b7a679728c9ce595e0a6faf0c59463552ef61243d0N.exe
Size

692KB
MD5

94cafc6b24670b38155d189bcae66090
SHA1

f4818147a4769cf40a7bbb7f5b6fdb287a89692b
SHA256

3e632ebb9573c1d1f5b0c2b7a679728c9ce595e0a6faf0c59463552ef61243d0
SHA512

28d73729303ce3ba2f8324b7e237540a6512c997a3b645dd9e6a95762085d10950a09e2128f820a9afb56070113f642f027ab5c65cf2a5a086e438993eb78e20
SSDEEP

12288:L7Qp3yqk/hh/ZT4MzPCjl6VMj/pkiDpyGZBdaS6ob0brac0a5hJKzrKezs54TX0W:S3yq8JZPzyl6iLpk6faS6obuGc0a5hJm

Score

10^/10

blackmoon banker discovery trojan

Malware Config

Signatures

Blackmoon family
blackmoon
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
behavioral2/memory/1640-1-0x0000000000400000-0x00000000006DE000-memory.dmp	family_blackmoon

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3e632ebb9573c1d1f5b0c2b7a679728c9ce595e0a6faf0c59463552ef61243d0N.exe

C:\Users\Admin\AppData\Local\Temp\3e632ebb9573c1d1f5b0c2b7a679728c9ce595e0a6faf0c59463552ef61243d0N.exe
"C:\Users\Admin\AppData\Local\Temp\3e632ebb9573c1d1f5b0c2b7a679728c9ce595e0a6faf0c59463552ef61243d0N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1640-0-0x0000000000400000-0x00000000006DE000-memory.dmp

Filesize
2.9MB

Download
memory/1640-1-0x0000000000400000-0x00000000006DE000-memory.dmp

Filesize
2.9MB

Download