blackmoon | dc25587f5dc1ac6ba840fec322e3da9c7cd74513a5913cc972f58f46a97586cf | Triage

Submit
Reports

Overview

overview

Static

static

8

dc25587f5d...cf.exe

windows7-x64

dc25587f5d...cf.exe

windows10-2004-x64

Sharing

General

Target

dc25587f5dc1ac6ba840fec322e3da9c7cd74513a5913cc972f58f46a97586cf
Size

764KB
Sample

221129-r7jnnacg6v
MD5

c425e812c54f2ebab60ae5d63394e8db
SHA1

428d4dc799b7ad90e672de5987083ccf02f52000
SHA256

dc25587f5dc1ac6ba840fec322e3da9c7cd74513a5913cc972f58f46a97586cf
SHA512

2651f3cbef5446dbecaaac8b66cb0c6abff0dc81a4fec2090fd1ee7cbc50a4aca2ef3f8c4b0feef70a32f7062353453076845aa4a198d4f2830f4c5e9b1debb5
SSDEEP

12288:gVBXW6SW/mS3/s5UcOvCo5g1MGhNpb/oxswmwblcvuw9bhvEJsLJse118ei/DzPJ:aW6SF5uWMW3whcGUbhvmWKe1qH6l

Score

10^/10

blackmoon banker trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dc25587f5dc1ac6ba840fec322e3da9c7cd74513a5913cc972f58f46a97586cf.exe

Resource

win7-20220812-en

blackmoon banker trojan vmprotect

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

dc25587f5dc1ac6ba840fec322e3da9c7cd74513a5913cc972f58f46a97586cf.exe

Resource

win10v2004-20220812-en

blackmoon banker trojan vmprotect

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  dc25587f5dc1ac6ba840fec322e3da9c7cd74513a5913cc972f58f46a97586cf
- Size
  
  764KB
- MD5
  
  c425e812c54f2ebab60ae5d63394e8db
- SHA1
  
  428d4dc799b7ad90e672de5987083ccf02f52000
- SHA256
  
  dc25587f5dc1ac6ba840fec322e3da9c7cd74513a5913cc972f58f46a97586cf
- SHA512
  
  2651f3cbef5446dbecaaac8b66cb0c6abff0dc81a4fec2090fd1ee7cbc50a4aca2ef3f8c4b0feef70a32f7062353453076845aa4a198d4f2830f4c5e9b1debb5
- SSDEEP
  
  12288:gVBXW6SW/mS3/s5UcOvCo5g1MGhNpb/oxswmwblcvuw9bhvEJsLJse118ei/DzPJ:aW6SF5uWMW3whcGUbhvmWKe1qH6l
Score

10^/10

blackmoon banker trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojanvmprotect

behavioral2

blackmoonbankertrojanvmprotect

© 2018-2025

Terms | Privacy