blackmoon | f8b10ffc38d8eff0325e07f8bea1eb68a42cfc9ac036bbbbb608fec80b735a2c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

f8b10ffc38...2c.exe

windows7-x64

f8b10ffc38...2c.exe

windows10-2004-x64

Sharing

General

Target

f8b10ffc38d8eff0325e07f8bea1eb68a42cfc9ac036bbbbb608fec80b735a2c
Size

5.1MB
Sample

230921-csdrjaec56
MD5

7f3e82efbcf6a531d47e81eae4a2a36a
SHA1

778e7057e6197c0ae0d51f77f1e879c149cb5596
SHA256

f8b10ffc38d8eff0325e07f8bea1eb68a42cfc9ac036bbbbb608fec80b735a2c
SHA512

3408585ec3b574ac186bd151a43b56e39b110e255c703088324fee30e7e0718684283358670bf5728cc9e59fcd35f2d773c9d11f36ff98047e8082658645d419
SSDEEP

98304:7Scm39Meg4YMdxdo2K/slOgyYsUoozKMpwcE/ymGkbUcnwmi:OH3m4zo2KUlVyYshoe0w56rkbdT

Score

10^/10

blackmoon banker trojan vmprotect

Static task

static1

vmprotect blackmoon

4 signatures

Behavioral task

behavioral1

Sample

f8b10ffc38d8eff0325e07f8bea1eb68a42cfc9ac036bbbbb608fec80b735a2c.exe

Resource

win7-20230831-en

blackmoon banker trojan vmprotect

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

f8b10ffc38d8eff0325e07f8bea1eb68a42cfc9ac036bbbbb608fec80b735a2c.exe

Resource

win10v2004-20230915-en

blackmoon banker trojan vmprotect

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  f8b10ffc38d8eff0325e07f8bea1eb68a42cfc9ac036bbbbb608fec80b735a2c
- Size
  
  5.1MB
- MD5
  
  7f3e82efbcf6a531d47e81eae4a2a36a
- SHA1
  
  778e7057e6197c0ae0d51f77f1e879c149cb5596
- SHA256
  
  f8b10ffc38d8eff0325e07f8bea1eb68a42cfc9ac036bbbbb608fec80b735a2c
- SHA512
  
  3408585ec3b574ac186bd151a43b56e39b110e255c703088324fee30e7e0718684283358670bf5728cc9e59fcd35f2d773c9d11f36ff98047e8082658645d419
- SSDEEP
  
  98304:7Scm39Meg4YMdxdo2K/slOgyYsUoozKMpwcE/ymGkbUcnwmi:OH3m4zo2KUlVyYshoe0w56rkbdT
Score

10^/10

blackmoon banker trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

vmprotectblackmoon

behavioral1

blackmoonbankertrojanvmprotect

behavioral2

blackmoonbankertrojanvmprotect

© 2018-2025

Terms | Privacy