blackmoon | 6d500dea0f3438c0fd435fb1fc788506e716fea19047fe4cd1f74d53eb4d8856 | Triage

Submit
Reports

Overview

overview

Static

static

8

6d500dea0f...56.dll

windows7-x64

6d500dea0f...56.dll

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

6d500dea0f3438c0fd435fb1fc788506e716fea19047fe4cd1f74d53eb4d8856
Size

369KB
Sample

221129-ph1jrsbh2s
MD5

4742089e7af01006de590761c0f7c9a0
SHA1

c4ef20622765c2295098a862e341fc491ac59669
SHA256

6d500dea0f3438c0fd435fb1fc788506e716fea19047fe4cd1f74d53eb4d8856
SHA512

52194018eb02121649dadf4affb005668779ca43f672c1b5d7af3a18a3e2097f484d347db537b8e4e7af4d94abc78daad4b42cdab708ea64afa148622398275e
SSDEEP

6144:o60SB+yfujURFKgfAXSdWtIDMWXEFIFiRCUg67mHO6WIJse1CiipeRW7A/4omiC9:D0SAyfwkemEIo0CmiRvg67mLNKGfiVrB

Score

10^/10

blackmoon banker trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6d500dea0f3438c0fd435fb1fc788506e716fea19047fe4cd1f74d53eb4d8856.dll

Resource

win7-20220812-en

blackmoon banker trojan vmprotect

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

6d500dea0f3438c0fd435fb1fc788506e716fea19047fe4cd1f74d53eb4d8856.dll

Resource

win10v2004-20221111-en

blackmoon banker trojan vmprotect

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  6d500dea0f3438c0fd435fb1fc788506e716fea19047fe4cd1f74d53eb4d8856
- Size
  
  369KB
- MD5
  
  4742089e7af01006de590761c0f7c9a0
- SHA1
  
  c4ef20622765c2295098a862e341fc491ac59669
- SHA256
  
  6d500dea0f3438c0fd435fb1fc788506e716fea19047fe4cd1f74d53eb4d8856
- SHA512
  
  52194018eb02121649dadf4affb005668779ca43f672c1b5d7af3a18a3e2097f484d347db537b8e4e7af4d94abc78daad4b42cdab708ea64afa148622398275e
- SSDEEP
  
  6144:o60SB+yfujURFKgfAXSdWtIDMWXEFIFiRCUg67mHO6WIJse1CiipeRW7A/4omiC9:D0SAyfwkemEIo0CmiRvg67mLNKGfiVrB
Score

10^/10

blackmoon banker trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

blackmoonbankertrojanvmprotect

behavioral2

blackmoonbankertrojanvmprotect

© 2018-2025

Terms | Privacy