blackmoon | b85cf426b273c087d5da9ed474d7aea16b546d5f42fab4a199f63a6240b0a50d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

c7941ddb36...cs.exe

windows7-x64

c7941ddb36...cs.exe

windows10-2004-x64

Sharing

General

Target

c7941ddb367c6d18dfeda0aa2f38e3b0_NeikiAnalytics
Size

66KB
Sample

240514-p82jragc5s
MD5

c7941ddb367c6d18dfeda0aa2f38e3b0
SHA1

cfec0f7d77e4660f041b49f1b4bcf8d594f6c1b0
SHA256

b85cf426b273c087d5da9ed474d7aea16b546d5f42fab4a199f63a6240b0a50d
SHA512

60ccbba71070f5e053cbe20343fefe343ba17b6c87139e5f2cf04ca4f758cf593b7c0f2d318a65f83ecfa010087d4c2983db5ac2d6608ba4aeab3d3c7097f710
SSDEEP

1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDZh:ymb3NkkiQ3mdBjF0yUm/

Score

10^/10

blackmoon banker trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c7941ddb367c6d18dfeda0aa2f38e3b0_NeikiAnalytics.exe

Resource

win7-20240221-en

blackmoon banker trojan upx

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

c7941ddb367c6d18dfeda0aa2f38e3b0_NeikiAnalytics.exe

Resource

win10v2004-20240226-en

blackmoon banker trojan upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  c7941ddb367c6d18dfeda0aa2f38e3b0_NeikiAnalytics
- Size
  
  66KB
- MD5
  
  c7941ddb367c6d18dfeda0aa2f38e3b0
- SHA1
  
  cfec0f7d77e4660f041b49f1b4bcf8d594f6c1b0
- SHA256
  
  b85cf426b273c087d5da9ed474d7aea16b546d5f42fab4a199f63a6240b0a50d
- SHA512
  
  60ccbba71070f5e053cbe20343fefe343ba17b6c87139e5f2cf04ca4f758cf593b7c0f2d318a65f83ecfa010087d4c2983db5ac2d6608ba4aeab3d3c7097f710
- SSDEEP
  
  1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDZh:ymb3NkkiQ3mdBjF0yUm/
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2025

Terms | Privacy