blackmoon | a2aa2e6b0447a3aad1a3aa6fa6d9bab321b11444757b1ca8a1e7f09d1443166c | Triage

Submit
Reports

Overview

overview

Static

static

a2aa2e6b04...6c.exe

windows7-x64

a2aa2e6b04...6c.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

a2aa2e6b0447a3aad1a3aa6fa6d9bab321b11444757b1ca8a1e7f09d1443166c
Size

1.1MB
Sample

230828-eg214afd82
MD5

9d45e945a60842b9604400b50f4a4df3
SHA1

c6612b36b852a2cf0b599ee3758a80da99d860b9
SHA256

a2aa2e6b0447a3aad1a3aa6fa6d9bab321b11444757b1ca8a1e7f09d1443166c
SHA512

e02a509d07da7040f14293dc086f2eab9f89e415868be1019881ed4720adc24b48b5a4ae96531b8693d9a601324ee9bb1dc83e32373ef727214b9c7b66888226
SSDEEP

24576:l85qKmpmYZeU4Urece8rVGCzHutX79kR9T4J9:leYZx4UrecfRCtX7q3T4

Score

10^/10

blackmoon banker trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

a2aa2e6b0447a3aad1a3aa6fa6d9bab321b11444757b1ca8a1e7f09d1443166c.exe

Resource

win7-20230824-en

blackmoon banker trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

a2aa2e6b0447a3aad1a3aa6fa6d9bab321b11444757b1ca8a1e7f09d1443166c.exe

Resource

win10v2004-20230824-en

blackmoon banker trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  a2aa2e6b0447a3aad1a3aa6fa6d9bab321b11444757b1ca8a1e7f09d1443166c
- Size
  
  1.1MB
- MD5
  
  9d45e945a60842b9604400b50f4a4df3
- SHA1
  
  c6612b36b852a2cf0b599ee3758a80da99d860b9
- SHA256
  
  a2aa2e6b0447a3aad1a3aa6fa6d9bab321b11444757b1ca8a1e7f09d1443166c
- SHA512
  
  e02a509d07da7040f14293dc086f2eab9f89e415868be1019881ed4720adc24b48b5a4ae96531b8693d9a601324ee9bb1dc83e32373ef727214b9c7b66888226
- SSDEEP
  
  24576:l85qKmpmYZeU4Urece8rVGCzHutX79kR9T4J9:leYZx4UrecfRCtX7q3T4
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2025

Terms | Privacy