blackmoon | 28954641e3051d3f7225cca0ef79aca89f04dbb4e97194d160ad3a3f061a1a72 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

28954641e3...72.exe

windows7-x64

28954641e3...72.exe

windows10-2004-x64

Sharing

General

Target

28954641e3051d3f7225cca0ef79aca89f04dbb4e97194d160ad3a3f061a1a72
Size

91KB
Sample

240422-yry7qsfe35
MD5

b0573313ea87ba4ffa8dbabc73c2ddec
SHA1

4d857eb401184bb32e633ad59feca52a887ac997
SHA256

28954641e3051d3f7225cca0ef79aca89f04dbb4e97194d160ad3a3f061a1a72
SHA512

7c0cb628d1e73edcd21dab9405698081821c99bc75b0d390212b0cfdd72216bf139343e56dd1115be1451341e9b8b8f4d92cfddd630f6abfe1807913e71c7b3c
SSDEEP

1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/21S:ymb3NkkiQ3mdBjFo73PYP1lri3K8GA

Score

10^/10

blackmoon banker trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

28954641e3051d3f7225cca0ef79aca89f04dbb4e97194d160ad3a3f061a1a72.exe

Resource

win7-20240221-en

blackmoon banker trojan upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

28954641e3051d3f7225cca0ef79aca89f04dbb4e97194d160ad3a3f061a1a72.exe

Resource

win10v2004-20240226-en

blackmoon banker trojan upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  28954641e3051d3f7225cca0ef79aca89f04dbb4e97194d160ad3a3f061a1a72
- Size
  
  91KB
- MD5
  
  b0573313ea87ba4ffa8dbabc73c2ddec
- SHA1
  
  4d857eb401184bb32e633ad59feca52a887ac997
- SHA256
  
  28954641e3051d3f7225cca0ef79aca89f04dbb4e97194d160ad3a3f061a1a72
- SHA512
  
  7c0cb628d1e73edcd21dab9405698081821c99bc75b0d390212b0cfdd72216bf139343e56dd1115be1451341e9b8b8f4d92cfddd630f6abfe1807913e71c7b3c
- SSDEEP
  
  1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/21S:ymb3NkkiQ3mdBjFo73PYP1lri3K8GA
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2025

Terms | Privacy