blackmoon | 4f37979faa2fa89dea4c7009a3854ed0f967c556080f7560a7a8738ffe7a0af8 | Triage

Submit
Reports

Overview

overview

Static

static

4f37979faa...f8.exe

windows7-x64

4f37979faa...f8.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

4f37979faa2fa89dea4c7009a3854ed0f967c556080f7560a7a8738ffe7a0af8
Size

824KB
Sample

240308-13fwmshg7z
MD5

0c1c4153934ed1b3ac58618ec8daccdd
SHA1

0cd094ad1e89949d23d2dadedda57cb4378fbd23
SHA256

4f37979faa2fa89dea4c7009a3854ed0f967c556080f7560a7a8738ffe7a0af8
SHA512

9b0262f4175097587dd49d70fd52d2e77936e8669f71a4eff0314788db054c57219c1c850fa7dbaf6f89e267fca21c50e869752c4eb0c910174acdf746946f75
SSDEEP

6144:kYqqWRJVo7eGQGGN3YXaafgLMUxVBEXCAI:kYqqWRJVoSGQGGOaaYL7B/

Score

10^/10

blackmoon banker trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

4f37979faa2fa89dea4c7009a3854ed0f967c556080f7560a7a8738ffe7a0af8.exe

Resource

win7-20240221-en

blackmoon banker trojan upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

4f37979faa2fa89dea4c7009a3854ed0f967c556080f7560a7a8738ffe7a0af8.exe

Resource

win10v2004-20240226-en

blackmoon banker trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  4f37979faa2fa89dea4c7009a3854ed0f967c556080f7560a7a8738ffe7a0af8
- Size
  
  824KB
- MD5
  
  0c1c4153934ed1b3ac58618ec8daccdd
- SHA1
  
  0cd094ad1e89949d23d2dadedda57cb4378fbd23
- SHA256
  
  4f37979faa2fa89dea4c7009a3854ed0f967c556080f7560a7a8738ffe7a0af8
- SHA512
  
  9b0262f4175097587dd49d70fd52d2e77936e8669f71a4eff0314788db054c57219c1c850fa7dbaf6f89e267fca21c50e869752c4eb0c910174acdf746946f75
- SSDEEP
  
  6144:kYqqWRJVo7eGQGGN3YXaafgLMUxVBEXCAI:kYqqWRJVoSGQGGOaaYL7B/
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2025

Terms | Privacy