Related links:
- https://unit42.paloaltonetworks.com/unit42-krbanker-targets-south-korea-through-adware-and-exploit-kits-2/
- https://threatpost.com/blackmoon-banking-trojan-using-new-infection-technique/125425/
- https://community.rsa.com/community/products/netwitness/blog/2017/05/19/the-blackmoon-trojan-framework
- https://www.fortinet.com/blog/threat-research/over-100-000-south-korean-users-affected-by-blackmoon-campaign.html
- https://www.fidelissecurity.com/threatgeek/threat-intelligence/blackmoon-banking-trojan-new-framework
Showing posts with label blackmoon. Show all posts
Monday, March 18, 2019
Analysis of BlackMoon (Banking Trojan)'s Evolution, And The Possibility of a Latest Version Under Development
BlackMoon, also known as KrBanker, is a banking trojan that mainly targets South Korea. I thought this family had been dead for some time (since around 2016); however, in the past few days I got a couple of recent samples that, after unpacking them and performing a quick analysis, I noticed were BlackMoon. VirusTotal's first submission date for one of these samples is 2018-06-18. The first submission date for the other one is 2018-11-01. After digging a bit more into this malware family, my conclusion was that there is probably a newer version of BlackMoon under development. I explain it in this post, which I hope you enjoy.
Original Packed Sample: C38E54342CDAE1D9181EC48E94DC5C83
Automatically Generated Report: PepperMalware Report
Virustotal First Submission: 2018-11-01 07:03:51
Unpacked Banker Module: 4634F4EF94D9A3A0E2FCF5078151ADB2