Overview

overview

10

Static

static

3

9f33cff08e...1a.exe

windows7-x64

10

9f33cff08e...1a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9f33cff08e3cd003014617ef7607b5e800ff2bb200b3490334e5d9eefb3a351a.exe

  • Size

    34KB

  • Sample

    241225-vghkfsyqgv

  • MD5

    e57f3af1e46055845b6f67820c584011

  • SHA1

    72fa64e73df5148dea2fb5b06c63e87f79ca4deb

  • SHA256

    9f33cff08e3cd003014617ef7607b5e800ff2bb200b3490334e5d9eefb3a351a

  • SHA512

    6fc310e83ad0aad281e93e3ca987f0dcb878d82db42f2995e9fad685ce2ec93f79a98bd7ed05b3d4da3ef00c4f35708a83aa04901e2d1c523ad818d1a96345d2

  • SSDEEP

    768:gxa4PfkczEClQF0QGqwq0E6Na8WFaDrTCMNR8Gx8IPE7BNKSzHctMlC:RQftW0QGq/aabWrTsGx3P6Cbt7

Score
10/10
blackmoonbankerdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      9f33cff08e3cd003014617ef7607b5e800ff2bb200b3490334e5d9eefb3a351a.exe

    • Size

      34KB

    • MD5

      e57f3af1e46055845b6f67820c584011

    • SHA1

      72fa64e73df5148dea2fb5b06c63e87f79ca4deb

    • SHA256

      9f33cff08e3cd003014617ef7607b5e800ff2bb200b3490334e5d9eefb3a351a

    • SHA512

      6fc310e83ad0aad281e93e3ca987f0dcb878d82db42f2995e9fad685ce2ec93f79a98bd7ed05b3d4da3ef00c4f35708a83aa04901e2d1c523ad818d1a96345d2

    • SSDEEP

      768:gxa4PfkczEClQF0QGqwq0E6Na8WFaDrTCMNR8Gx8IPE7BNKSzHctMlC:RQftW0QGq/aabWrTsGx3P6Cbt7

    Score
    10/10
    blackmoonbankerdiscoverypersistencetrojan

    • Blackmoon family

      blackmoon

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks