blackmoon | cf4f8546496409071b8b1bf0686c809b8eab3228098fed0521f10568fef2f260 | Triage

Submit
Reports

Overview

overview

Static

static

NEAS.ae030...70.exe

windows7-x64

NEAS.ae030...70.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ae030bc8bfc938883355b2b567858c70.exe
Size

92KB
Sample

231016-w64dwsbc32
MD5

ae030bc8bfc938883355b2b567858c70
SHA1

b2ed46153217993f83241154be9cbb43b7d7f0fe
SHA256

cf4f8546496409071b8b1bf0686c809b8eab3228098fed0521f10568fef2f260
SHA512

591dfa011428febeebc82d75170771309277a6e88d9fd4d9cf70f71d7ffcee4833d3d99afafe3a95c5a2bf711dde4d16541358e5e7f4d06f8ea2a65d3099b9d6
SSDEEP

1536:l9EJv7qMinKldu6OpZz5CUTDb3zKg+GinF3BHEB7L6J8usIGpxIVUlbRI:0Jv7MK+6KZb3zvcndBoqJ8usLpxHW

Score

10^/10

blackmoon banker trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

NEAS.ae030bc8bfc938883355b2b567858c70.exe

Resource

win7-20230831-en

blackmoon banker trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.ae030bc8bfc938883355b2b567858c70.exe

Resource

win10v2004-20230915-en

blackmoon banker trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.ae030bc8bfc938883355b2b567858c70.exe
- Size
  
  92KB
- MD5
  
  ae030bc8bfc938883355b2b567858c70
- SHA1
  
  b2ed46153217993f83241154be9cbb43b7d7f0fe
- SHA256
  
  cf4f8546496409071b8b1bf0686c809b8eab3228098fed0521f10568fef2f260
- SHA512
  
  591dfa011428febeebc82d75170771309277a6e88d9fd4d9cf70f71d7ffcee4833d3d99afafe3a95c5a2bf711dde4d16541358e5e7f4d06f8ea2a65d3099b9d6
- SSDEEP
  
  1536:l9EJv7qMinKldu6OpZz5CUTDb3zKg+GinF3BHEB7L6J8usIGpxIVUlbRI:0Jv7MK+6KZb3zvcndBoqJ8usLpxHW
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2025

Terms | Privacy