blackmoon | c3d4eeae3daaa502bd62867e11c938b3edf3c6e9b74b32c8bd1ece15e1fb2692 | Triage

Submit
Reports

Overview

overview

Static

static

c3d4eeae3d...92.exe

windows7-x64

c3d4eeae3d...92.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

c3d4eeae3daaa502bd62867e11c938b3edf3c6e9b74b32c8bd1ece15e1fb2692
Size

1.7MB
Sample

221125-pdtwesah4x
MD5

57cab1a08493192f06ee340df94ec9e4
SHA1

3dd5a002757ef6997735013f3c4a2a509d96c1c5
SHA256

c3d4eeae3daaa502bd62867e11c938b3edf3c6e9b74b32c8bd1ece15e1fb2692
SHA512

261d22f022689354de73e7480f48bac70e67d0aa73b281cb3e8aafdeb3e0439c7c13ef2e99bdda9503e6e5d10b5c7d3b3b53520c45b3cec816c57528f9451c5c
SSDEEP

49152:jz55RBfx8Lxf/0gmksLg8pV8e8EQI7loL:/rRBfx8Vf8z5LPVb8DT

Score

10^/10

blackmoon banker trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

c3d4eeae3daaa502bd62867e11c938b3edf3c6e9b74b32c8bd1ece15e1fb2692.exe

Resource

win7-20220812-en

blackmoon banker trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

c3d4eeae3daaa502bd62867e11c938b3edf3c6e9b74b32c8bd1ece15e1fb2692.exe

Resource

win10v2004-20221111-en

blackmoon banker trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  c3d4eeae3daaa502bd62867e11c938b3edf3c6e9b74b32c8bd1ece15e1fb2692
- Size
  
  1.7MB
- MD5
  
  57cab1a08493192f06ee340df94ec9e4
- SHA1
  
  3dd5a002757ef6997735013f3c4a2a509d96c1c5
- SHA256
  
  c3d4eeae3daaa502bd62867e11c938b3edf3c6e9b74b32c8bd1ece15e1fb2692
- SHA512
  
  261d22f022689354de73e7480f48bac70e67d0aa73b281cb3e8aafdeb3e0439c7c13ef2e99bdda9503e6e5d10b5c7d3b3b53520c45b3cec816c57528f9451c5c
- SSDEEP
  
  49152:jz55RBfx8Lxf/0gmksLg8pV8e8EQI7loL:/rRBfx8Vf8z5LPVb8DT
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2025

Terms | Privacy