blackmoon | 6686cc875a4adf78aa0d282efc3a13944b7fd95c9ee262cf762edf17ff8c3c14 | Triage

Submit
Reports

Overview

overview

Static

static

6686cc875a...14.exe

windows7-x64

6686cc875a...14.exe

windows10-2004-x64

Sharing

General

Target

6686cc875a4adf78aa0d282efc3a13944b7fd95c9ee262cf762edf17ff8c3c14
Size

11.0MB
Sample

221126-3fe2yagb8w
MD5

48d364a7ada809d065de104ac081f574
SHA1

bd98757417a1a381f065c65171d05e5256c799c9
SHA256

6686cc875a4adf78aa0d282efc3a13944b7fd95c9ee262cf762edf17ff8c3c14
SHA512

ac39151832e1acb764b5a9e6d9d9ddd89aa93c24e7bf361ba598fb1a1eb5b58b4329124261364dff3c0e0a7c3e43a676a3707da1d297b79d5edaf0ee293ec415
SSDEEP

196608:Zo+6V21shWOp620S6xmYY1b7TUoyiD3/x7XJNiVsv++bBziFQfx+kkhRK6+skCXK:421shWOp626mYY1tyiD3liVsv++bBzir

Score

10^/10

blackmoon banker trojan vmprotect

Static task

static1

vmprotect blackmoon

3 signatures

Behavioral task

behavioral1

Sample

6686cc875a4adf78aa0d282efc3a13944b7fd95c9ee262cf762edf17ff8c3c14.exe

Resource

win7-20220812-en

blackmoon banker trojan vmprotect

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

6686cc875a4adf78aa0d282efc3a13944b7fd95c9ee262cf762edf17ff8c3c14.exe

Resource

win10v2004-20220901-en

blackmoon banker trojan vmprotect

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  6686cc875a4adf78aa0d282efc3a13944b7fd95c9ee262cf762edf17ff8c3c14
- Size
  
  11.0MB
- MD5
  
  48d364a7ada809d065de104ac081f574
- SHA1
  
  bd98757417a1a381f065c65171d05e5256c799c9
- SHA256
  
  6686cc875a4adf78aa0d282efc3a13944b7fd95c9ee262cf762edf17ff8c3c14
- SHA512
  
  ac39151832e1acb764b5a9e6d9d9ddd89aa93c24e7bf361ba598fb1a1eb5b58b4329124261364dff3c0e0a7c3e43a676a3707da1d297b79d5edaf0ee293ec415
- SSDEEP
  
  196608:Zo+6V21shWOp620S6xmYY1b7TUoyiD3/x7XJNiVsv++bBziFQfx+kkhRK6+skCXK:421shWOp626mYY1tyiD3liVsv++bBzir
Score

10^/10

blackmoon banker trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

vmprotectblackmoon

behavioral1

blackmoonbankertrojanvmprotect

behavioral2

blackmoonbankertrojanvmprotect

© 2018-2024

Terms | Privacy