blackmoon | 301e46e1e20bff126a72a7b62279a5a5a20eb0db9bac8251470ac685ae57468f | Triage

Submit
Reports

Overview

overview

Static

static

3

301e46e1e2...8f.exe

windows7-x64

7

301e46e1e2...8f.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

301e46e1e20bff126a72a7b62279a5a5a20eb0db9bac8251470ac685ae57468f
Size

11.4MB
Sample

240601-2ggfqaha8v
MD5

30a9676d1b2dfb37952d72b53c19551f
SHA1

3029af67a6cecb74dc9c85f42d4308d0924a6ff6
SHA256

301e46e1e20bff126a72a7b62279a5a5a20eb0db9bac8251470ac685ae57468f
SHA512

e65120f899d2634521ebbadca09716c3297bc194dd36238e9900ad9f3f0c27a74ff6d220d7d1437ee6beab1a8eef0d572df27d54f70db07ee866ffb5d596d7a8
SSDEEP

196608:8Fl5poKEGK54nLHXD4oOVqMBfOo6eU7iayz+r83k8EzBnMpAf2FaqxN08AE:8rTEy3cVqMdaiayZkBzBiAeFagN0w

Score

10^/10

blackmoon banker trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

301e46e1e20bff126a72a7b62279a5a5a20eb0db9bac8251470ac685ae57468f.exe

Resource

win7-20240508-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

301e46e1e20bff126a72a7b62279a5a5a20eb0db9bac8251470ac685ae57468f.exe

Resource

win10v2004-20240426-en

blackmoon banker trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  301e46e1e20bff126a72a7b62279a5a5a20eb0db9bac8251470ac685ae57468f
- Size
  
  11.4MB
- MD5
  
  30a9676d1b2dfb37952d72b53c19551f
- SHA1
  
  3029af67a6cecb74dc9c85f42d4308d0924a6ff6
- SHA256
  
  301e46e1e20bff126a72a7b62279a5a5a20eb0db9bac8251470ac685ae57468f
- SHA512
  
  e65120f899d2634521ebbadca09716c3297bc194dd36238e9900ad9f3f0c27a74ff6d220d7d1437ee6beab1a8eef0d572df27d54f70db07ee866ffb5d596d7a8
- SSDEEP
  
  196608:8Fl5poKEGK54nLHXD4oOVqMBfOo6eU7iayz+r83k8EzBnMpAf2FaqxN08AE:8rTEy3cVqMdaiayZkBzBiAeFagN0w
Score

10^/10

upx blackmoon banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

blackmoonbankertrojanupx

© 2018-2025

Terms | Privacy