blackmoon | 27a8f7e5dc0ad2c55d13f9d327723c4c9bfb7bd6ccc9f9b3d9211b7b8cc3dc98 | Triage

Submit
Reports

Overview

overview

Static

static

27a8f7e5dc...98.exe

windows7-x64

27a8f7e5dc...98.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

27a8f7e5dc0ad2c55d13f9d327723c4c9bfb7bd6ccc9f9b3d9211b7b8cc3dc98.exe
Size

421KB
Sample

240410-bqb99aeg91
MD5

9885c64277d9fbb907a0bc243d7dbfa5
SHA1

35e40b71d509acceb3f6a74dd945ff86b714a15e
SHA256

27a8f7e5dc0ad2c55d13f9d327723c4c9bfb7bd6ccc9f9b3d9211b7b8cc3dc98
SHA512

b624fb746707367bd9f38e98c16b0520a6c5777d10d11ac0a678936f7bad79b778dff28ea25e454e1a0a4c23df46803510e4ea7c755c9ee7fd27d59c7ef6a9bc
SSDEEP

6144:K5/YZ58drqrhGcbLhmvjSN6jZhixVK/B/zIydenCV:K5/Q58drihGiLhmGNiZsx0B/zIkenCV

Score

10^/10

blackmoon banker trojan upx

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

27a8f7e5dc0ad2c55d13f9d327723c4c9bfb7bd6ccc9f9b3d9211b7b8cc3dc98.exe

Resource

win7-20240215-en

blackmoon banker trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

27a8f7e5dc0ad2c55d13f9d327723c4c9bfb7bd6ccc9f9b3d9211b7b8cc3dc98.exe

Resource

win10v2004-20231215-en

blackmoon banker trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  27a8f7e5dc0ad2c55d13f9d327723c4c9bfb7bd6ccc9f9b3d9211b7b8cc3dc98.exe
- Size
  
  421KB
- MD5
  
  9885c64277d9fbb907a0bc243d7dbfa5
- SHA1
  
  35e40b71d509acceb3f6a74dd945ff86b714a15e
- SHA256
  
  27a8f7e5dc0ad2c55d13f9d327723c4c9bfb7bd6ccc9f9b3d9211b7b8cc3dc98
- SHA512
  
  b624fb746707367bd9f38e98c16b0520a6c5777d10d11ac0a678936f7bad79b778dff28ea25e454e1a0a4c23df46803510e4ea7c755c9ee7fd27d59c7ef6a9bc
- SSDEEP
  
  6144:K5/YZ58drqrhGcbLhmvjSN6jZhixVK/B/zIydenCV:K5/Q58drihGiLhmGNiZsx0B/zIkenCV
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- UPX dump on OEP (original entry point)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2025

Terms | Privacy