blackmoon | a74b5d78a8a65b63909af14d682703f5f7208071f3b307601e5f375477b1f28b | Triage

Submit
Reports

Overview

overview

Static

static

7

a74b5d78a8...8b.exe

windows7-x64

a74b5d78a8...8b.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

a74b5d78a8a65b63909af14d682703f5f7208071f3b307601e5f375477b1f28b
Size

1.1MB
Sample

240817-fzffgsygkd
MD5

950daace57dabe60b7a04548d7416423
SHA1

17c5cfd0d54f3709431af07f863a267dcae45c78
SHA256

a74b5d78a8a65b63909af14d682703f5f7208071f3b307601e5f375477b1f28b
SHA512

e4095e7c8b6935119b96b0d72a89ddb2bde6786c42cfb2ff6d6990e7cabe309b18d7e5ef1ba6454e378507aef9225379cf3d219f8059f22ab2d79cfa1e0e8567
SSDEEP

24576:PLE8nZaXVkf0ba6XkSMAP8u+WdXPn7Hrtt5Yo:PLnZayf0e6XkSMAP8EHf5j

Score

10^/10

blackmoon banker discovery trojan vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a74b5d78a8a65b63909af14d682703f5f7208071f3b307601e5f375477b1f28b.exe

Resource

win7-20240704-en

blackmoon banker discovery trojan vmprotect

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

a74b5d78a8a65b63909af14d682703f5f7208071f3b307601e5f375477b1f28b.exe

Resource

win10v2004-20240802-en

blackmoon banker discovery trojan vmprotect

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  a74b5d78a8a65b63909af14d682703f5f7208071f3b307601e5f375477b1f28b
- Size
  
  1.1MB
- MD5
  
  950daace57dabe60b7a04548d7416423
- SHA1
  
  17c5cfd0d54f3709431af07f863a267dcae45c78
- SHA256
  
  a74b5d78a8a65b63909af14d682703f5f7208071f3b307601e5f375477b1f28b
- SHA512
  
  e4095e7c8b6935119b96b0d72a89ddb2bde6786c42cfb2ff6d6990e7cabe309b18d7e5ef1ba6454e378507aef9225379cf3d219f8059f22ab2d79cfa1e0e8567
- SSDEEP
  
  24576:PLE8nZaXVkf0ba6XkSMAP8u+WdXPn7Hrtt5Yo:PLnZayf0e6XkSMAP8EHf5j
Score

10^/10

blackmoon banker discovery trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanvmprotect

behavioral2

blackmoonbankerdiscoverytrojanvmprotect

© 2018-2025

Terms | Privacy