Overview

overview

10

Static

static

3

ENG.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ENG.exe

  • Size

    274KB

  • Sample

    250401-v6r57asyfw

  • MD5

    19178c984d2b0cd1892184d49e1fe363

  • SHA1

    aebbd3bc04139710060e7ebc2d1b4dc1fdb3ab0b

  • SHA256

    3b9ec63de654a60c5daf67e8be68c8b99e0df5f7d52948f953a6f73745419879

  • SHA512

    4e9dc1df719f233509d86c9a1174bf0c62c8902cbc370df2ec5f688df7bdaac0d42de669b7980541afe108a8a1f11a512d713ec8b3fc9c39fa815b96ea7930fb

  • SSDEEP

    6144:PFc2dmBAWN/ccQEU9euYg7XCOiQ04eA61CIjjibEjKpm7oS:PFc2A3ecQEU9euYuXCOiQWHkIjjX2m7Z

Score
10/10
blackmoonbankerdefense_evasiondiscoverypersistencetrojan

Malware Config

Targets

    • Target

      ENG.exe

    • Size

      274KB

    • MD5

      19178c984d2b0cd1892184d49e1fe363

    • SHA1

      aebbd3bc04139710060e7ebc2d1b4dc1fdb3ab0b

    • SHA256

      3b9ec63de654a60c5daf67e8be68c8b99e0df5f7d52948f953a6f73745419879

    • SHA512

      4e9dc1df719f233509d86c9a1174bf0c62c8902cbc370df2ec5f688df7bdaac0d42de669b7980541afe108a8a1f11a512d713ec8b3fc9c39fa815b96ea7930fb

    • SSDEEP

      6144:PFc2dmBAWN/ccQEU9euYg7XCOiQ04eA61CIjjibEjKpm7oS:PFc2A3ecQEU9euYuXCOiQWHkIjjX2m7Z

    Score
    10/10
    blackmoonbankerdefense_evasiondiscoverypersistencetrojan

    • Blackmoon family

      blackmoon

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Indicator Removal: Clear Persistence

      remove IFEO.

      defense_evasion
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks