blackmoon | bbebddadf556c91966fa760f21d04d8990481f254e25b2f38de423503d787ab9 | Triage

Submit
Reports

Overview

overview

Static

static

bbebddadf5...b9.exe

windows7-x64

bbebddadf5...b9.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

bbebddadf556c91966fa760f21d04d8990481f254e25b2f38de423503d787ab9.exe
Size

338KB
Sample

240410-dg573scd55
MD5

ded7639442d93d3835c150a1dac7d9ed
SHA1

a67b69acf9749adfd677ac43d443265b756f15ed
SHA256

bbebddadf556c91966fa760f21d04d8990481f254e25b2f38de423503d787ab9
SHA512

0bd5c739928b3c8d9c65d9c747c512969e27042d56c25eee5d220347f95ffc6616c59cdac8064fd99af9b37de827257427af067f3eb95e0fd73d8daadc22d847
SSDEEP

6144:b5/YZ58drqrhGcbLhmvjSN6jZhixVK/B/zkXudes:b5/Q58drihGiLhmGNiZsx0B/zkXoes

Score

10^/10

blackmoon banker trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

bbebddadf556c91966fa760f21d04d8990481f254e25b2f38de423503d787ab9.exe

Resource

win7-20240319-en

blackmoon banker trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

bbebddadf556c91966fa760f21d04d8990481f254e25b2f38de423503d787ab9.exe

Resource

win10v2004-20240226-en

blackmoon banker trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  bbebddadf556c91966fa760f21d04d8990481f254e25b2f38de423503d787ab9.exe
- Size
  
  338KB
- MD5
  
  ded7639442d93d3835c150a1dac7d9ed
- SHA1
  
  a67b69acf9749adfd677ac43d443265b756f15ed
- SHA256
  
  bbebddadf556c91966fa760f21d04d8990481f254e25b2f38de423503d787ab9
- SHA512
  
  0bd5c739928b3c8d9c65d9c747c512969e27042d56c25eee5d220347f95ffc6616c59cdac8064fd99af9b37de827257427af067f3eb95e0fd73d8daadc22d847
- SSDEEP
  
  6144:b5/YZ58drqrhGcbLhmvjSN6jZhixVK/B/zkXudes:b5/Q58drihGiLhmGNiZsx0B/zkXoes
Score

10^/10

blackmoon banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojan

behavioral2

blackmoonbankertrojan

© 2018-2025

Terms | Privacy