blackmoon | a520fa28c62a821d17f059e6a2e06ffbcf6e65a5a5aa28dc72ebee42b46ffca2 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

a520fa28c6...a2.exe

windows7-x64

a520fa28c6...a2.exe

windows10-2004-x64

Sharing

General

Target

a520fa28c62a821d17f059e6a2e06ffbcf6e65a5a5aa28dc72ebee42b46ffca2
Size

2.9MB
Sample

231012-f9mbsacc56
MD5

e42d1929b5179466c176cf2bae29f899
SHA1

c88ff0b920cf5c818b183f7166503ee2b7eadcdb
SHA256

a520fa28c62a821d17f059e6a2e06ffbcf6e65a5a5aa28dc72ebee42b46ffca2
SHA512

002346d8590da139ce7838a4fc20668a7a55773fd5faf9d4fe961a2dddd88033eba33cb1c54ffc6dd8ef038f1b65a92c7c1926060dfd0007625d57d4b8eeafa7
SSDEEP

24576:pCKzARimQzNe4Za8iX5FfrVjePHS1Q2d7VITbSAcQwKXo58OKIbs5ffzxGtm3qzx:pCQ1I5uPHE9xWnFItf/BTJBaQPGdwn5

Score

10^/10

blackmoon banker trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

a520fa28c62a821d17f059e6a2e06ffbcf6e65a5a5aa28dc72ebee42b46ffca2.exe

Resource

win7-20230831-en

blackmoon banker trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

a520fa28c62a821d17f059e6a2e06ffbcf6e65a5a5aa28dc72ebee42b46ffca2.exe

Resource

win10v2004-20230915-en

blackmoon banker trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  a520fa28c62a821d17f059e6a2e06ffbcf6e65a5a5aa28dc72ebee42b46ffca2
- Size
  
  2.9MB
- MD5
  
  e42d1929b5179466c176cf2bae29f899
- SHA1
  
  c88ff0b920cf5c818b183f7166503ee2b7eadcdb
- SHA256
  
  a520fa28c62a821d17f059e6a2e06ffbcf6e65a5a5aa28dc72ebee42b46ffca2
- SHA512
  
  002346d8590da139ce7838a4fc20668a7a55773fd5faf9d4fe961a2dddd88033eba33cb1c54ffc6dd8ef038f1b65a92c7c1926060dfd0007625d57d4b8eeafa7
- SSDEEP
  
  24576:pCKzARimQzNe4Za8iX5FfrVjePHS1Q2d7VITbSAcQwKXo58OKIbs5ffzxGtm3qzx:pCQ1I5uPHE9xWnFItf/BTJBaQPGdwn5
Score

10^/10

blackmoon banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojan

behavioral2

blackmoonbankertrojan

© 2018-2025

Terms | Privacy