blackmoon | 890948a0e6a52cf01668ed43fee0813dc8d7231de7f6dff7a3b1dfa3e9819959 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7c738f47a4...cs.exe

windows7-x64

7c738f47a4...cs.exe

windows10-2004-x64

Sharing

General

Target

7c738f47a48ae019fbc126a5af29ce20_NeikiAnalytics
Size

88KB
Sample

240516-cmjetsgb68
MD5

7c738f47a48ae019fbc126a5af29ce20
SHA1

cebfde1971048795e89eb908ca64586713773756
SHA256

890948a0e6a52cf01668ed43fee0813dc8d7231de7f6dff7a3b1dfa3e9819959
SHA512

f4047df961c651df4352902c82d6e320a0146f7ae97ed8b2aa438a5c51b498a6c3347bfd0fc2143543472049bb6fc79f7ba91989610b57f215d958896e26b90b
SSDEEP

1536:5+4hkM3Yz8wMZhUD2XsjEQWOSkE+Ct6WKBex3GWU5FkWp+AmQwKGSZhCQbIo/tSz:dq6OLM3QasY5Ft71fqWWp+efG4hCQra

Score

10^/10

blackmoon banker trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

7c738f47a48ae019fbc126a5af29ce20_NeikiAnalytics.exe

Resource

win7-20240221-en

blackmoon banker trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

7c738f47a48ae019fbc126a5af29ce20_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

blackmoon banker trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  7c738f47a48ae019fbc126a5af29ce20_NeikiAnalytics
- Size
  
  88KB
- MD5
  
  7c738f47a48ae019fbc126a5af29ce20
- SHA1
  
  cebfde1971048795e89eb908ca64586713773756
- SHA256
  
  890948a0e6a52cf01668ed43fee0813dc8d7231de7f6dff7a3b1dfa3e9819959
- SHA512
  
  f4047df961c651df4352902c82d6e320a0146f7ae97ed8b2aa438a5c51b498a6c3347bfd0fc2143543472049bb6fc79f7ba91989610b57f215d958896e26b90b
- SSDEEP
  
  1536:5+4hkM3Yz8wMZhUD2XsjEQWOSkE+Ct6WKBex3GWU5FkWp+AmQwKGSZhCQbIo/tSz:dq6OLM3QasY5Ft71fqWWp+efG4hCQra
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

© 2018-2025

Terms | Privacy