blackmoon | 61efe3f6a91e5c6ef31b9c27ced0a0e6f1de73fcf6487b70e1ce69133c0fd99a | Triage

Submit
Reports

Overview

overview

Static

static

7

61efe3f6a9...9a.exe

windows7-x64

61efe3f6a9...9a.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

61efe3f6a91e5c6ef31b9c27ced0a0e6f1de73fcf6487b70e1ce69133c0fd99a
Size

1.0MB
Sample

230828-kcs6aabc4w
MD5

48098be8e5ae8010664d2e006cdc8a8e
SHA1

70e2042b9b3d52ddd133edd2e6c81f83f2ef0071
SHA256

61efe3f6a91e5c6ef31b9c27ced0a0e6f1de73fcf6487b70e1ce69133c0fd99a
SHA512

35fd1edcc721f4951dc14edf8ca00e0a9ef8558db599f56f735fb950cbf23de60e2a25ef58cb02ab6cfcaaa88707e8b3e2c2d5506ba34395203d27897d5e5d06
SSDEEP

24576:hCXGqiuTPZ54YAFWd815T2M5SwMsA2740a388/YolI5hMJWVY:sXGqiu3EFnP2LcA2va388AiI5

Score

10^/10

blackmoon banker trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

61efe3f6a91e5c6ef31b9c27ced0a0e6f1de73fcf6487b70e1ce69133c0fd99a.exe

Resource

win7-20230712-en

blackmoon banker trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

61efe3f6a91e5c6ef31b9c27ced0a0e6f1de73fcf6487b70e1ce69133c0fd99a.exe

Resource

win10v2004-20230824-en

blackmoon banker trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  61efe3f6a91e5c6ef31b9c27ced0a0e6f1de73fcf6487b70e1ce69133c0fd99a
- Size
  
  1.0MB
- MD5
  
  48098be8e5ae8010664d2e006cdc8a8e
- SHA1
  
  70e2042b9b3d52ddd133edd2e6c81f83f2ef0071
- SHA256
  
  61efe3f6a91e5c6ef31b9c27ced0a0e6f1de73fcf6487b70e1ce69133c0fd99a
- SHA512
  
  35fd1edcc721f4951dc14edf8ca00e0a9ef8558db599f56f735fb950cbf23de60e2a25ef58cb02ab6cfcaaa88707e8b3e2c2d5506ba34395203d27897d5e5d06
- SSDEEP
  
  24576:hCXGqiuTPZ54YAFWd815T2M5SwMsA2740a388/YolI5hMJWVY:sXGqiu3EFnP2LcA2va388AiI5
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2025

Terms | Privacy