blackmoon | fce58603d18b169d67fee4a3df7d39757a4126716703840acfe8cfb5e34990e9 | Triage

Submit
Reports

Overview

overview

Static

static

8

fce58603d1...e9.exe

windows7-x64

fce58603d1...e9.exe

windows10-2004-x64

Sharing

General

Target

fce58603d18b169d67fee4a3df7d39757a4126716703840acfe8cfb5e34990e9
Size

688KB
Sample

221126-ae7fksgf58
MD5

b2e12c662badc96d34a096f48db2d85c
SHA1

d6d99f90c0dd1a56a1285532254a1c92a6024077
SHA256

fce58603d18b169d67fee4a3df7d39757a4126716703840acfe8cfb5e34990e9
SHA512

52815a032f3f88758098757fe18bf575423f481a6e58586fc5f80105cce4d367373913516c802decb225e92b2fb0bf3c130163dc2e75d15b4239a16001dbde92
SSDEEP

12288:Q8pU1gjXtuyO5lwwP5JuPi4k57It16nP0jaogTF4mFvnnkWTVb5VedvRoqr+In3/:Q8pUcU98wD6uIp2tL/35bLLRQ/

Score

10^/10

blackmoon banker trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fce58603d18b169d67fee4a3df7d39757a4126716703840acfe8cfb5e34990e9.exe

Resource

win7-20221111-en

blackmoon banker trojan vmprotect

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

fce58603d18b169d67fee4a3df7d39757a4126716703840acfe8cfb5e34990e9.exe

Resource

win10v2004-20221111-en

blackmoon banker trojan vmprotect

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  fce58603d18b169d67fee4a3df7d39757a4126716703840acfe8cfb5e34990e9
- Size
  
  688KB
- MD5
  
  b2e12c662badc96d34a096f48db2d85c
- SHA1
  
  d6d99f90c0dd1a56a1285532254a1c92a6024077
- SHA256
  
  fce58603d18b169d67fee4a3df7d39757a4126716703840acfe8cfb5e34990e9
- SHA512
  
  52815a032f3f88758098757fe18bf575423f481a6e58586fc5f80105cce4d367373913516c802decb225e92b2fb0bf3c130163dc2e75d15b4239a16001dbde92
- SSDEEP
  
  12288:Q8pU1gjXtuyO5lwwP5JuPi4k57It16nP0jaogTF4mFvnnkWTVb5VedvRoqr+In3/:Q8pUcU98wD6uIp2tL/35bLLRQ/
Score

10^/10

blackmoon banker trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blackmoonbankertrojanvmprotect

behavioral2

blackmoonbankertrojanvmprotect

© 2018-2024

Terms | Privacy