blackmoon | 09b5debc4bd0e7760ba7bf6faa93268285cafa004608fe2735cba1b6eb0836a2 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

09b5debc4b...a2.exe

windows7-x64

09b5debc4b...a2.exe

windows10-2004-x64

Sharing

General

Target

09b5debc4bd0e7760ba7bf6faa93268285cafa004608fe2735cba1b6eb0836a2
Size

823KB
Sample

231007-j67p4aaa5s
MD5

b255c4c0c3379db4b2afe207c90aad92
SHA1

1b746283ad6e2a538048526d6bfe2ca044cc7963
SHA256

09b5debc4bd0e7760ba7bf6faa93268285cafa004608fe2735cba1b6eb0836a2
SHA512

067c05f1ba932e4658856afe4013eb4b30a0a3e7559cb52c481bc975e69903c06ebabd44cc89ce6e821cb4bf746216e23177ca98c975f1a0bd18328f217e3ec3
SSDEEP

24576:iGiZm/gubF8j51far6VJ+xcVW9zh7afqxs1OVTcsBvwnmkvqPo0lTs:i8/LLZrlTs

Score

10^/10

blackmoon banker evasion persistence trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

09b5debc4bd0e7760ba7bf6faa93268285cafa004608fe2735cba1b6eb0836a2.exe

Resource

win7-20230831-en

blackmoon banker evasion persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

09b5debc4bd0e7760ba7bf6faa93268285cafa004608fe2735cba1b6eb0836a2.exe

Resource

win10v2004-20230915-en

blackmoon banker evasion persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  09b5debc4bd0e7760ba7bf6faa93268285cafa004608fe2735cba1b6eb0836a2
- Size
  
  823KB
- MD5
  
  b255c4c0c3379db4b2afe207c90aad92
- SHA1
  
  1b746283ad6e2a538048526d6bfe2ca044cc7963
- SHA256
  
  09b5debc4bd0e7760ba7bf6faa93268285cafa004608fe2735cba1b6eb0836a2
- SHA512
  
  067c05f1ba932e4658856afe4013eb4b30a0a3e7559cb52c481bc975e69903c06ebabd44cc89ce6e821cb4bf746216e23177ca98c975f1a0bd18328f217e3ec3
- SSDEEP
  
  24576:iGiZm/gubF8j51far6VJ+xcVW9zh7afqxs1OVTcsBvwnmkvqPo0lTs:i8/LLZrlTs
Score

10^/10

blackmoon banker evasion persistence trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

blackmoonbankerevasionpersistencetrojan

behavioral2

blackmoonbankerevasionpersistencetrojan

© 2018-2025

Terms | Privacy