blackmoon | 9ad0cafdba54de544ad7c8fa4ed0e83ddf564c97aee4c00222e8c0031b5b51d9 | Triage

Submit
Reports

Overview

overview

Static

static

7

9ad0cafdba...d9.dll

windows7-x64

9ad0cafdba...d9.dll

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

9ad0cafdba54de544ad7c8fa4ed0e83ddf564c97aee4c00222e8c0031b5b51d9
Size

2.9MB
Sample

230824-kqkq3acg4x
MD5

ab7dc02cc8ed6cad5e20ad35d975d40f
SHA1

7b9a5a4057bdfcf948c94b1519d186f7bb06612e
SHA256

9ad0cafdba54de544ad7c8fa4ed0e83ddf564c97aee4c00222e8c0031b5b51d9
SHA512

7887edc9e91d1c98d5f8cbb3db6370cb2c6ad5c4adf38a0c9aec6bf00f92419d6fa7f12de3e91e1d6b94c0100d40bbbe55e4e4b6d36ccdbbad0d6270301051ce
SSDEEP

49152:0mN3JexYE/p+N0mBbl++rCbZ9J+mmWj3wiamXGyT5viIAIRSKvLLR838xKcERc14:DN5q/8ymBbljr8+mH3wiamXGs5iyRSKc

Score

10^/10

blackmoon banker persistence trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

9ad0cafdba54de544ad7c8fa4ed0e83ddf564c97aee4c00222e8c0031b5b51d9.dll

Resource

win7-20230712-en

blackmoon banker persistence trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

9ad0cafdba54de544ad7c8fa4ed0e83ddf564c97aee4c00222e8c0031b5b51d9.dll

Resource

win10v2004-20230703-en

blackmoon banker persistence trojan upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  9ad0cafdba54de544ad7c8fa4ed0e83ddf564c97aee4c00222e8c0031b5b51d9
- Size
  
  2.9MB
- MD5
  
  ab7dc02cc8ed6cad5e20ad35d975d40f
- SHA1
  
  7b9a5a4057bdfcf948c94b1519d186f7bb06612e
- SHA256
  
  9ad0cafdba54de544ad7c8fa4ed0e83ddf564c97aee4c00222e8c0031b5b51d9
- SHA512
  
  7887edc9e91d1c98d5f8cbb3db6370cb2c6ad5c4adf38a0c9aec6bf00f92419d6fa7f12de3e91e1d6b94c0100d40bbbe55e4e4b6d36ccdbbad0d6270301051ce
- SSDEEP
  
  49152:0mN3JexYE/p+N0mBbl++rCbZ9J+mmWj3wiamXGyT5viIAIRSKvLLR838xKcERc14:DN5q/8ymBbljr8+mH3wiamXGs5iyRSKc
Score

10^/10

blackmoon banker persistence trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Blocklisted process makes network request
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerpersistencetrojanupx

behavioral2

blackmoonbankerpersistencetrojanupx

© 2018-2025

Terms | Privacy