blackmoon | 13584df49a410ca84cba9ca169669d96c076d5a79499e352eccebbc24ac1f335 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

13584df49a...35.dll

windows7-x64

13584df49a...35.dll

windows10-2004-x64

Sharing

General

Target

13584df49a410ca84cba9ca169669d96c076d5a79499e352eccebbc24ac1f335
Size

9.2MB
Sample

231011-3cft3adf29
MD5

53451ddc38f39bfcb68f513cea02d5cc
SHA1

73c3a73b8bad6a4445ecf8a43041bf155c1fa0b2
SHA256

13584df49a410ca84cba9ca169669d96c076d5a79499e352eccebbc24ac1f335
SHA512

5afbc1e45979cd10f48d111956a60187b0389d5ce35ebf855b31116cef21515c8f08a3835af9e5124d2422686501d054a18d3ef174915ab85948cc4fdb7a2bb5
SSDEEP

196608:u3qVFB7PnpPvypQqOh/+7WWXtpI/rak3gaKKljMwDnTmN:u3mPnpPapROiI2k3hkk

Score

10^/10

blackmoon banker trojan vmprotect

Static task

static1

vmprotect blackmoon

4 signatures

Behavioral task

behavioral1

Sample

13584df49a410ca84cba9ca169669d96c076d5a79499e352eccebbc24ac1f335.dll

Resource

win7-20230831-en

blackmoon banker trojan vmprotect

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

13584df49a410ca84cba9ca169669d96c076d5a79499e352eccebbc24ac1f335.dll

Resource

win10v2004-20230915-en

blackmoon banker trojan vmprotect

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  13584df49a410ca84cba9ca169669d96c076d5a79499e352eccebbc24ac1f335
- Size
  
  9.2MB
- MD5
  
  53451ddc38f39bfcb68f513cea02d5cc
- SHA1
  
  73c3a73b8bad6a4445ecf8a43041bf155c1fa0b2
- SHA256
  
  13584df49a410ca84cba9ca169669d96c076d5a79499e352eccebbc24ac1f335
- SHA512
  
  5afbc1e45979cd10f48d111956a60187b0389d5ce35ebf855b31116cef21515c8f08a3835af9e5124d2422686501d054a18d3ef174915ab85948cc4fdb7a2bb5
- SSDEEP
  
  196608:u3qVFB7PnpPvypQqOh/+7WWXtpI/rak3gaKKljMwDnTmN:u3mPnpPapROiI2k3hkk
Score

10^/10

blackmoon banker trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

vmprotectblackmoon

behavioral1

blackmoonbankertrojanvmprotect

behavioral2

blackmoonbankertrojanvmprotect

© 2018-2025

Terms | Privacy