blackmoon | a63c796e09f7726d5e91e6d84267e7984dbd268fc0b37838bc1dda60fcf5a444 | Triage

Submit
Reports

Overview

overview

Static

static

8

a63c796e09...44.dll

windows7-x64

a63c796e09...44.dll

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

a63c796e09f7726d5e91e6d84267e7984dbd268fc0b37838bc1dda60fcf5a444
Size

356KB
Sample

221130-3xdv7sbc31
MD5

0c62551f9684a103dac30b13a1c392f0
SHA1

ff07d54f409fe54ff8d532f12b9f554b991cc63e
SHA256

a63c796e09f7726d5e91e6d84267e7984dbd268fc0b37838bc1dda60fcf5a444
SHA512

31b33fb72750d7fe452bef8967c32033522e25f1f36925492ca5640f0a08b92a9d90a223a5b7794367494b15a03083a2141f81c98d6dbab909f3691900c02e40
SSDEEP

6144:tHWao/MtE0rOcx0J1ypTuNBpXgi2QDh0ICLy8NoH1vszYDbuRLpqluWnXCW+mhsJ:1Wao/vU41ybE90dLGEzwSRQbQmhz2s2y

Score

10^/10

blackmoon banker trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a63c796e09f7726d5e91e6d84267e7984dbd268fc0b37838bc1dda60fcf5a444.dll

Resource

win7-20220812-en

blackmoon banker trojan vmprotect

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

a63c796e09f7726d5e91e6d84267e7984dbd268fc0b37838bc1dda60fcf5a444.dll

Resource

win10v2004-20220812-en

blackmoon banker trojan vmprotect

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  a63c796e09f7726d5e91e6d84267e7984dbd268fc0b37838bc1dda60fcf5a444
- Size
  
  356KB
- MD5
  
  0c62551f9684a103dac30b13a1c392f0
- SHA1
  
  ff07d54f409fe54ff8d532f12b9f554b991cc63e
- SHA256
  
  a63c796e09f7726d5e91e6d84267e7984dbd268fc0b37838bc1dda60fcf5a444
- SHA512
  
  31b33fb72750d7fe452bef8967c32033522e25f1f36925492ca5640f0a08b92a9d90a223a5b7794367494b15a03083a2141f81c98d6dbab909f3691900c02e40
- SSDEEP
  
  6144:tHWao/MtE0rOcx0J1ypTuNBpXgi2QDh0ICLy8NoH1vszYDbuRLpqluWnXCW+mhsJ:1Wao/vU41ybE90dLGEzwSRQbQmhz2s2y
Score

10^/10

blackmoon banker trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

blackmoonbankertrojanvmprotect

behavioral2

blackmoonbankertrojanvmprotect

© 2018-2025

Terms | Privacy