blackmoon | cdb0d51c81abc4fddb3bec96dd7e3d081ead54f5f72e47cf4b538098cac8ede9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

cdb0d51c81...e9.exe

windows7-x64

cdb0d51c81...e9.exe

windows10-2004-x64

Sharing

General

Target

cdb0d51c81abc4fddb3bec96dd7e3d081ead54f5f72e47cf4b538098cac8ede9
Size

62KB
Sample

240901-sr2pzavbjj
MD5

fe788810050ecfc9a0276eedd413e320
SHA1

f2de6793dbe79b21c1c30ecdf7e1caa5a2bb5d6a
SHA256

cdb0d51c81abc4fddb3bec96dd7e3d081ead54f5f72e47cf4b538098cac8ede9
SHA512

65a2f7204861aa3c4a4ad09d48afa2e8e49f9d834872cac3dd3d7f80c8f6fd3d7e41b8ac91b38ae9e8463190b018e8596ba3e7f309d2117a33520c69ad566f01
SSDEEP

1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDII9ZvHKES+:ymb3NkkiQ3mdBjFII9ZvHKET

Score

10^/10

blackmoon banker discovery trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cdb0d51c81abc4fddb3bec96dd7e3d081ead54f5f72e47cf4b538098cac8ede9.exe

Resource

win7-20240729-en

blackmoon banker discovery trojan upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

cdb0d51c81abc4fddb3bec96dd7e3d081ead54f5f72e47cf4b538098cac8ede9.exe

Resource

win10v2004-20240802-en

blackmoon banker discovery trojan upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  cdb0d51c81abc4fddb3bec96dd7e3d081ead54f5f72e47cf4b538098cac8ede9
- Size
  
  62KB
- MD5
  
  fe788810050ecfc9a0276eedd413e320
- SHA1
  
  f2de6793dbe79b21c1c30ecdf7e1caa5a2bb5d6a
- SHA256
  
  cdb0d51c81abc4fddb3bec96dd7e3d081ead54f5f72e47cf4b538098cac8ede9
- SHA512
  
  65a2f7204861aa3c4a4ad09d48afa2e8e49f9d834872cac3dd3d7f80c8f6fd3d7e41b8ac91b38ae9e8463190b018e8596ba3e7f309d2117a33520c69ad566f01
- SSDEEP
  
  1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDII9ZvHKES+:ymb3NkkiQ3mdBjFII9ZvHKET
Score

10^/10

blackmoon banker discovery trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanupx

behavioral2

blackmoonbankerdiscoverytrojanupx

© 2018-2025

Terms | Privacy