blackmoon | 70baf4d5b0d1364546db64b63a5c56c4774d31911f19a5f588fea8888d962604 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

NEAS.70baf...JC.exe

windows7-x64

NEAS.70baf...JC.exe

windows10-2004-x64

Sharing

General

Target

NEAS.70baf4d5b0d1364546db64b63a5c56c4774d31911f19a5f588fea8888d962604_JC.exe
Size

14.7MB
Sample

231008-sn5bpade4s
MD5

b8af4b75121ac6143f3ed94ac4e2948b
SHA1

a9deac560df683bbd9fb76bae7d3421ce3c698c9
SHA256

70baf4d5b0d1364546db64b63a5c56c4774d31911f19a5f588fea8888d962604
SHA512

8fc27c927a62378e774ec33c64f48cf44c65b32bb7ebbd80844a9ffbae180b778d9a9fd7e12e88a415ee73a5e159da4c22da13caae7f96bebaf73f984d44c089
SSDEEP

393216:2Ws9BysSToqOsg4lUBF2CWzrCDmV5ZNcm4RupHVoTf2TE7/QWhtOG:jsKroqOsg4lI1ZmURMpHctl

Score

10^/10

blackmoon banker trojan vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

NEAS.70baf4d5b0d1364546db64b63a5c56c4774d31911f19a5f588fea8888d962604_JC.exe

Resource

win7-20230831-en

blackmoon banker trojan vmprotect

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.70baf4d5b0d1364546db64b63a5c56c4774d31911f19a5f588fea8888d962604_JC.exe

Resource

win10v2004-20230915-en

blackmoon banker trojan vmprotect

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.70baf4d5b0d1364546db64b63a5c56c4774d31911f19a5f588fea8888d962604_JC.exe
- Size
  
  14.7MB
- MD5
  
  b8af4b75121ac6143f3ed94ac4e2948b
- SHA1
  
  a9deac560df683bbd9fb76bae7d3421ce3c698c9
- SHA256
  
  70baf4d5b0d1364546db64b63a5c56c4774d31911f19a5f588fea8888d962604
- SHA512
  
  8fc27c927a62378e774ec33c64f48cf44c65b32bb7ebbd80844a9ffbae180b778d9a9fd7e12e88a415ee73a5e159da4c22da13caae7f96bebaf73f984d44c089
- SSDEEP
  
  393216:2Ws9BysSToqOsg4lUBF2CWzrCDmV5ZNcm4RupHVoTf2TE7/QWhtOG:jsKroqOsg4lI1ZmURMpHctl
Score

10^/10

blackmoon banker trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojanvmprotect

behavioral2

blackmoonbankertrojanvmprotect

© 2018-2025

Terms | Privacy