blackmoon | 223d98ec145c21ce9ff222008bd9ee02a8aaa146600972bf806708d9d689bef1 | Triage

Submit
Reports

Overview

overview

Static

static

TK014DCC96..._P.exe

windows10-1703-x64

TK014DCC96..._P.exe

windows10-2004-x64

TK014DCC96..._P.exe

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

Target

TK014DCC9651DB453FB3D969CBD4E397_P.exe
Size

19.4MB
Sample

240309-t79k7adb31
MD5

856cde622a9a5f5f5ac3c0414dedf113
SHA1

3f3fb2b95d557aee8b5478dbb8d7620e95bf2ef4
SHA256

223d98ec145c21ce9ff222008bd9ee02a8aaa146600972bf806708d9d689bef1
SHA512

c527d53823b7c191bbcd8be9da6863fb16d615dc9d58d97a2de50ec1e59bb0c022d5bffe957cddf7eb368e60512d40e2d5eb88b52220abed128a3fe0e9b05ba7
SSDEEP

393216:dMQgUTcSyvrTV6cjQP6uOX1r3clzzSefpaFTCHLafb4DjZ539a+24EWI84goJ:drgedyvHV6cjkTO+BvfSHfb4DjZ59a+a

Score

10^/10

blackmoon banker trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

TK014DCC9651DB453FB3D969CBD4E397_P.exe

Resource

win10-20240221-en

blackmoon banker trojan

windows10-1703-x64

4 signatures

300 seconds

Behavioral task

behavioral2

Sample

TK014DCC9651DB453FB3D969CBD4E397_P.exe

Resource

win10v2004-20240226-en

blackmoon banker trojan

windows10-2004-x64

4 signatures

300 seconds

Behavioral task

behavioral3

Sample

TK014DCC9651DB453FB3D969CBD4E397_P.exe

Resource

win11-20240221-en

blackmoon banker trojan

windows11-21h2-x64

4 signatures

300 seconds

Malware Config

Targets

- Target
  
  TK014DCC9651DB453FB3D969CBD4E397_P.exe
- Size
  
  19.4MB
- MD5
  
  856cde622a9a5f5f5ac3c0414dedf113
- SHA1
  
  3f3fb2b95d557aee8b5478dbb8d7620e95bf2ef4
- SHA256
  
  223d98ec145c21ce9ff222008bd9ee02a8aaa146600972bf806708d9d689bef1
- SHA512
  
  c527d53823b7c191bbcd8be9da6863fb16d615dc9d58d97a2de50ec1e59bb0c022d5bffe957cddf7eb368e60512d40e2d5eb88b52220abed128a3fe0e9b05ba7
- SSDEEP
  
  393216:dMQgUTcSyvrTV6cjQP6uOX1r3clzzSefpaFTCHLafb4DjZ539a+24EWI84goJ:drgedyvHV6cjkTO+BvfSHfb4DjZ59a+a
Score

10^/10

blackmoon banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojan

behavioral2

blackmoonbankertrojan

behavioral3

blackmoonbankertrojan

© 2018-2025

Terms | Privacy