blackmoon | c13b78ce599d4096fe6f1a02d603e782e7367e1511c993d9a19e8bc8a95311a5 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

youdao.exe

windows7-x64

youdao.exe

windows10-1703-x64

youdao.exe

windows10-2004-x64

Sharing

General

Target

youdao.exe
Size

149.7MB
Sample

231125-n6e3asad58
MD5

9ef442a14466a39c0572074fcce348dd
SHA1

cfa1846cf9b13f166fffd67ad02d4b7e2a884ee3
SHA256

c13b78ce599d4096fe6f1a02d603e782e7367e1511c993d9a19e8bc8a95311a5
SHA512

5425887977db130c3ab2cba7e5829c55e77331b388f76acbd9f73467845ff9bb1fe6655d1e5b6cacb4f12b468aeedf5266dc27b027b7e2baf7a0ca1d14a50877
SSDEEP

3145728:k63TD1pRKegKHA5jMNFyymEOsEvtd+MKqaXHFVhHMCJDe9:kwTBp0eMYFyyxOsEld+MKjXlYC5e9

Score

10^/10

blackmoon banker evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

youdao.exe

Resource

win7-20231023-en

blackmoon banker evasion trojan upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

youdao.exe

Resource

win10-20231020-en

blackmoon banker evasion trojan upx

windows10-1703-x64

20 signatures

150 seconds

Behavioral task

behavioral3

Sample

youdao.exe

Resource

win10v2004-20231023-en

blackmoon banker evasion trojan upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  youdao.exe
- Size
  
  149.7MB
- MD5
  
  9ef442a14466a39c0572074fcce348dd
- SHA1
  
  cfa1846cf9b13f166fffd67ad02d4b7e2a884ee3
- SHA256
  
  c13b78ce599d4096fe6f1a02d603e782e7367e1511c993d9a19e8bc8a95311a5
- SHA512
  
  5425887977db130c3ab2cba7e5829c55e77331b388f76acbd9f73467845ff9bb1fe6655d1e5b6cacb4f12b468aeedf5266dc27b027b7e2baf7a0ca1d14a50877
- SSDEEP
  
  3145728:k63TD1pRKegKHA5jMNFyymEOsEvtd+MKqaXHFVhHMCJDe9:kwTBp0eMYFyyxOsEld+MKjXlYC5e9
Score

10^/10

blackmoon banker evasion trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerevasiontrojanupx

behavioral2

blackmoonbankerevasiontrojanupx

behavioral3

blackmoonbankerevasiontrojanupx

© 2018-2025

Terms | Privacy