blackmoon | 2c193a7ae021ac695125b45017b325ef68d2895c71f2cf88a8a1c66bc85c82a3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

2c193a7ae0...a3.dll

windows7-x64

2c193a7ae0...a3.dll

windows10-2004-x64

Sharing

General

Target

2c193a7ae021ac695125b45017b325ef68d2895c71f2cf88a8a1c66bc85c82a3
Size

331KB
Sample

221129-p8by4adh4v
MD5

967ffab34af15c3b341429a2c87d0bd0
SHA1

4b219dc8b063b67c566e57a957bb9ca86bfae3d2
SHA256

2c193a7ae021ac695125b45017b325ef68d2895c71f2cf88a8a1c66bc85c82a3
SHA512

d8a06e22f4b692838197a0627bac647e2a7e1cc5c4e4132f3d68cb391a8c068f7d5d43b3efd25a574bb3e77bc15d6b9451ba2600dc0a3e34ddd4dc93210c5905
SSDEEP

6144:Ag8qAFmLoT7cqANKKi8zbGvrEfyv3cGrvwsUxF5rvnwbiZy0vgP3ZGT:Ag7Ah7cqANKKiubGYfyvM6vwT3i0vIJQ

Score

10^/10

blackmoon banker trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2c193a7ae021ac695125b45017b325ef68d2895c71f2cf88a8a1c66bc85c82a3.dll

Resource

win7-20221111-en

blackmoon banker trojan vmprotect

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

2c193a7ae021ac695125b45017b325ef68d2895c71f2cf88a8a1c66bc85c82a3.dll

Resource

win10v2004-20220812-en

blackmoon banker trojan vmprotect

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  2c193a7ae021ac695125b45017b325ef68d2895c71f2cf88a8a1c66bc85c82a3
- Size
  
  331KB
- MD5
  
  967ffab34af15c3b341429a2c87d0bd0
- SHA1
  
  4b219dc8b063b67c566e57a957bb9ca86bfae3d2
- SHA256
  
  2c193a7ae021ac695125b45017b325ef68d2895c71f2cf88a8a1c66bc85c82a3
- SHA512
  
  d8a06e22f4b692838197a0627bac647e2a7e1cc5c4e4132f3d68cb391a8c068f7d5d43b3efd25a574bb3e77bc15d6b9451ba2600dc0a3e34ddd4dc93210c5905
- SSDEEP
  
  6144:Ag8qAFmLoT7cqANKKi8zbGvrEfyv3cGrvwsUxF5rvnwbiZy0vgP3ZGT:Ag7Ah7cqANKKiubGYfyvM6vwT3i0vIJQ
Score

10^/10

blackmoon banker trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

blackmoonbankertrojanvmprotect

behavioral2

blackmoonbankertrojanvmprotect

© 2018-2025

Terms | Privacy