blackmoon | 9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

9b4bf307bb...f8.exe

windows7-x64

9b4bf307bb...f8.exe

windows10-2004-x64

Sharing

General

Target

9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8
Size

184KB
Sample

240319-ka1gksfe8s
MD5

d35cf1672bef20f1a0d6442879741abf
SHA1

80f6635dc1e65f6930d7779ad56ddd136067211d
SHA256

9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8
SHA512

5c9f563abbad726887bc2c7809ea10af6633a31aa3a97413bb2b4adcddbdada4fee246a34cf39655acdc95a3a38f6ca16c1dbc53056e7820596becff73bb2479
SSDEEP

3072:3hOmTsF93UYfwC6GIoutw8YcvrqrE66kropO6BWlPFH4tw1D43eMM:3cm4FmowdHoSzhraHcpOFltH4twl43vM

Score

10^/10

blackmoon banker trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8.exe

Resource

win7-20240221-en

blackmoon banker trojan upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8.exe

Resource

win10v2004-20240226-en

blackmoon banker trojan upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8
- Size
  
  184KB
- MD5
  
  d35cf1672bef20f1a0d6442879741abf
- SHA1
  
  80f6635dc1e65f6930d7779ad56ddd136067211d
- SHA256
  
  9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8
- SHA512
  
  5c9f563abbad726887bc2c7809ea10af6633a31aa3a97413bb2b4adcddbdada4fee246a34cf39655acdc95a3a38f6ca16c1dbc53056e7820596becff73bb2479
- SSDEEP
  
  3072:3hOmTsF93UYfwC6GIoutw8YcvrqrE66kropO6BWlPFH4tw1D43eMM:3cm4FmowdHoSzhraHcpOFltH4twl43vM
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2025

Terms | Privacy