blackmoon | 609063525cb146e5666be59694fb37357ebeb06ee2c28470f08055141bc9fcfb | Triage

Submit
Reports

Overview

overview

Static

static

609063525c...fb.exe

windows7-x64

609063525c...fb.exe

windows10-2004-x64

Sharing

General

Target

609063525cb146e5666be59694fb37357ebeb06ee2c28470f08055141bc9fcfb
Size

6.4MB
Sample

240524-gasj7afc27
MD5

82a48a435ab67203a64599023bc357be
SHA1

6ff9b664635875a91b0048de9361ae6df7600183
SHA256

609063525cb146e5666be59694fb37357ebeb06ee2c28470f08055141bc9fcfb
SHA512

bfa3637c8a370870bfb75f5af363c3d08fa0245a4d7a277a9aa63403b86745c237764f470fb5bd8502923fe5c3343319590f626f99f88f070001420b293b73c5
SSDEEP

98304:bxoAXrbR8ZB+thQKyxL/y2n8mcGcKykCU0zDgTuT0COoJdu4A6h8Pz:bbXh8ZahQKys2pcGSkmDgTs0Fgug6

Score

10^/10

blackmoon banker trojan vmprotect

Static task

static1

vmprotect blackmoon

4 signatures

Behavioral task

behavioral1

Sample

609063525cb146e5666be59694fb37357ebeb06ee2c28470f08055141bc9fcfb.exe

Resource

win7-20240221-en

blackmoon banker trojan vmprotect

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

609063525cb146e5666be59694fb37357ebeb06ee2c28470f08055141bc9fcfb.exe

Resource

win10v2004-20240426-en

blackmoon banker trojan vmprotect

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  609063525cb146e5666be59694fb37357ebeb06ee2c28470f08055141bc9fcfb
- Size
  
  6.4MB
- MD5
  
  82a48a435ab67203a64599023bc357be
- SHA1
  
  6ff9b664635875a91b0048de9361ae6df7600183
- SHA256
  
  609063525cb146e5666be59694fb37357ebeb06ee2c28470f08055141bc9fcfb
- SHA512
  
  bfa3637c8a370870bfb75f5af363c3d08fa0245a4d7a277a9aa63403b86745c237764f470fb5bd8502923fe5c3343319590f626f99f88f070001420b293b73c5
- SSDEEP
  
  98304:bxoAXrbR8ZB+thQKyxL/y2n8mcGcKykCU0zDgTuT0COoJdu4A6h8Pz:bbXh8ZahQKys2pcGSkmDgTs0Fgug6
Score

10^/10

blackmoon banker trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

vmprotectblackmoon

behavioral1

blackmoonbankertrojanvmprotect

behavioral2

blackmoonbankertrojanvmprotect

© 2018-2024

Terms | Privacy