blackmoon | 8df9f7743024becf75a5e60a62150a30e9b412b3194b6c3c845ff4000c6f8bc1 | Triage

Submit
Reports

Overview

overview

Static

static

7

8df9f77430...c1.exe

windows7-x64

8df9f77430...c1.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

8df9f7743024becf75a5e60a62150a30e9b412b3194b6c3c845ff4000c6f8bc1
Size

7.3MB
Sample

230816-yjqkmadf78
MD5

5b39da89cef02591bdfc96eed43e34b6
SHA1

c2c1842873833a9b98adf4c9bdc334f663246678
SHA256

8df9f7743024becf75a5e60a62150a30e9b412b3194b6c3c845ff4000c6f8bc1
SHA512

4ca2178b4fda5c5c8e97b9dad698dd7e28e649cdbed2fef6004c00342e48b9705ac7cf6c6fba42db009ab95b87717dcfaf6517e4a65a32b60b5de5d842cd3b0e
SSDEEP

196608:jrb05sUTRv8hGEn/nqh9tJgSWJtjr5Je9C:js5sUBWnniVvWvjr5Je9C

Score

10^/10

blackmoon banker themida trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8df9f7743024becf75a5e60a62150a30e9b412b3194b6c3c845ff4000c6f8bc1.exe

Resource

win7-20230712-en

blackmoon banker themida trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

8df9f7743024becf75a5e60a62150a30e9b412b3194b6c3c845ff4000c6f8bc1.exe

Resource

win10v2004-20230703-en

blackmoon banker themida trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  8df9f7743024becf75a5e60a62150a30e9b412b3194b6c3c845ff4000c6f8bc1
- Size
  
  7.3MB
- MD5
  
  5b39da89cef02591bdfc96eed43e34b6
- SHA1
  
  c2c1842873833a9b98adf4c9bdc334f663246678
- SHA256
  
  8df9f7743024becf75a5e60a62150a30e9b412b3194b6c3c845ff4000c6f8bc1
- SHA512
  
  4ca2178b4fda5c5c8e97b9dad698dd7e28e649cdbed2fef6004c00342e48b9705ac7cf6c6fba42db009ab95b87717dcfaf6517e4a65a32b60b5de5d842cd3b0e
- SSDEEP
  
  196608:jrb05sUTRv8hGEn/nqh9tJgSWJtjr5Je9C:js5sUBWnniVvWvjr5Je9C
Score

10^/10

blackmoon banker themida trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerthemidatrojanupx

behavioral2

blackmoonbankerthemidatrojanupx

© 2018-2025

Terms | Privacy