blackmoon | 8ec5cc6af9b0a70639c1eb940de46eae40fdf3b8eb8ecae0d128d687a2c48163 | Triage

Submit
Reports

Overview

overview

Static

static

3

a21a88663b...18.exe

windows7-x64

a21a88663b...18.exe

windows10-2004-x64

Sharing

General

Target

a21a88663b8a36c3701d6da301de275f_JaffaCakes118
Size

2.2MB
Sample

240817-lzzf9azcnc
MD5

a21a88663b8a36c3701d6da301de275f
SHA1

89b6f414565910e07239477a16d5587149e84b94
SHA256

8ec5cc6af9b0a70639c1eb940de46eae40fdf3b8eb8ecae0d128d687a2c48163
SHA512

dcbdb7767412de07405e7c3971c272f975dde326c41e032cd2a6d3b47d812affb8de188a47c505497fda4b5082f46a0fb3e81bdaf0f089213be08924071b6c80
SSDEEP

49152:GkyXZ2ImENGNimtjd5fcLOsKSlMy7/vmLqVAPuPOhnCzcDJ9AG52jg6aBU:GRJ2AY5tj/fc5KSlMy7/vZ+uP6CgLv52

Score

10^/10

blackmoon banker discovery spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a21a88663b8a36c3701d6da301de275f_JaffaCakes118.exe

Resource

win7-20240704-en

blackmoon banker discovery spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

a21a88663b8a36c3701d6da301de275f_JaffaCakes118.exe

Resource

win10v2004-20240802-en

blackmoon banker discovery spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  a21a88663b8a36c3701d6da301de275f_JaffaCakes118
- Size
  
  2.2MB
- MD5
  
  a21a88663b8a36c3701d6da301de275f
- SHA1
  
  89b6f414565910e07239477a16d5587149e84b94
- SHA256
  
  8ec5cc6af9b0a70639c1eb940de46eae40fdf3b8eb8ecae0d128d687a2c48163
- SHA512
  
  dcbdb7767412de07405e7c3971c272f975dde326c41e032cd2a6d3b47d812affb8de188a47c505497fda4b5082f46a0fb3e81bdaf0f089213be08924071b6c80
- SSDEEP
  
  49152:GkyXZ2ImENGNimtjd5fcLOsKSlMy7/vmLqVAPuPOhnCzcDJ9AG52jg6aBU:GRJ2AY5tj/fc5KSlMy7/vZ+uP6CgLv52
Score

10^/10

blackmoon banker discovery spyware stealer trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoveryspywarestealertrojan

behavioral2

blackmoonbankerdiscoveryspywarestealertrojan

© 2018-2025

Terms | Privacy