blackmoon | b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

b44be7d586...60.exe

windows7-x64

b44be7d586...60.exe

windows10-2004-x64

Sharing

General

Target

b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060
Size

198KB
Sample

240425-cn4r6adf9t
MD5

b1c62e6625ffced9194d70f6ccb471da
SHA1

474b3888910fc9c10cccf06dd3129b062c3c8ccf
SHA256

b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060
SHA512

950f04f3ceceb9745a882edc8c8f13e9abcd43b3fc33841eb7841d1d310b2625dce8e2020bfd7c5012b5b757aedf6f9aa32f4cf18852abe65132f27de03e2a99
SSDEEP

3072:xhOmTsF93UYfwC6GIout3WVi/8HCpi8rY9AABa1YRMxl1522cJ1uIt:xcm4FmowdHoS3WV28HCddWhRO1Lc9t

Score

10^/10

blackmoon banker trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060.exe

Resource

win7-20240221-en

blackmoon banker trojan upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060.exe

Resource

win10v2004-20240226-en

blackmoon banker trojan upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060
- Size
  
  198KB
- MD5
  
  b1c62e6625ffced9194d70f6ccb471da
- SHA1
  
  474b3888910fc9c10cccf06dd3129b062c3c8ccf
- SHA256
  
  b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060
- SHA512
  
  950f04f3ceceb9745a882edc8c8f13e9abcd43b3fc33841eb7841d1d310b2625dce8e2020bfd7c5012b5b757aedf6f9aa32f4cf18852abe65132f27de03e2a99
- SSDEEP
  
  3072:xhOmTsF93UYfwC6GIout3WVi/8HCpi8rY9AABa1YRMxl1522cJ1uIt:xcm4FmowdHoS3WV28HCddWhRO1Lc9t
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2025

Terms | Privacy