blackmoon | a4aead48c90df3cae46ea45e909ad6d8ebc87ccc75455e6b07e7302624711ace | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

a4aead48c9...ce.exe

windows7-x64

a4aead48c9...ce.exe

windows10-2004-x64

Sharing

General

Target

a4aead48c90df3cae46ea45e909ad6d8ebc87ccc75455e6b07e7302624711ace
Size

15.4MB
Sample

231011-t9fqwscc57
MD5

2da8c4b8e832922633498af511147060
SHA1

3ca21cf5bd3f02a091ab7ad33b3e02a8639499a1
SHA256

a4aead48c90df3cae46ea45e909ad6d8ebc87ccc75455e6b07e7302624711ace
SHA512

6ab904584c275406c96855536568cc2dff80a902a8d96d646e766f2bfdae5226d213b0a77a62a30c3f614111042e70d385fcf53ab7dc3a3033a46cd92542b06e
SSDEEP

393216:rp8kJfML4vyJpSYTp5Ijhpe16uqB2fqgQyvKmmWTBB:r2CDyLTEVrucmqhRWTj

Score

10^/10

blackmoon banker trojan vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a4aead48c90df3cae46ea45e909ad6d8ebc87ccc75455e6b07e7302624711ace.exe

Resource

win7-20230831-en

blackmoon banker trojan vmprotect

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

a4aead48c90df3cae46ea45e909ad6d8ebc87ccc75455e6b07e7302624711ace.exe

Resource

win10v2004-20230915-en

blackmoon banker trojan vmprotect

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  a4aead48c90df3cae46ea45e909ad6d8ebc87ccc75455e6b07e7302624711ace
- Size
  
  15.4MB
- MD5
  
  2da8c4b8e832922633498af511147060
- SHA1
  
  3ca21cf5bd3f02a091ab7ad33b3e02a8639499a1
- SHA256
  
  a4aead48c90df3cae46ea45e909ad6d8ebc87ccc75455e6b07e7302624711ace
- SHA512
  
  6ab904584c275406c96855536568cc2dff80a902a8d96d646e766f2bfdae5226d213b0a77a62a30c3f614111042e70d385fcf53ab7dc3a3033a46cd92542b06e
- SSDEEP
  
  393216:rp8kJfML4vyJpSYTp5Ijhpe16uqB2fqgQyvKmmWTBB:r2CDyLTEVrucmqhRWTj
Score

10^/10

blackmoon banker trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojanvmprotect

behavioral2

blackmoonbankertrojanvmprotect

© 2018-2025

Terms | Privacy