blackmoon | 8df8005d21b9c5a79329eb44966ec3f2be4f56bcfdbb026becb55c977c55710e | Triage

Submit
Reports

Overview

overview

Static

static

3

8df8005d21...0e.exe

windows7-x64

8df8005d21...0e.exe

windows10-2004-x64

Sharing

General

Target

8df8005d21b9c5a79329eb44966ec3f2be4f56bcfdbb026becb55c977c55710e
Size

2.4MB
Sample

240903-aqe6gasgjf
MD5

17ae52dd6f15e8d2858d698f4e1a4bc0
SHA1

50ac9e1b177e78cd252c72e79e93b9368bdf80b8
SHA256

8df8005d21b9c5a79329eb44966ec3f2be4f56bcfdbb026becb55c977c55710e
SHA512

be7d52780a44e0f44c560970a3a3acf430d4a12908cf61509219a48e11a2754b3caf5208f5cce383bdb81f62dc7b03489028a9d07ca00ab841eae073eae55c3a
SSDEEP

49152:Zf3eaP4gliiDB52PZ6H617JimVVAMLGx+FZE9A96XDW:ZGaQqn2P8H071DLp/IA95

Score

10^/10

blackmoon banker discovery trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8df8005d21b9c5a79329eb44966ec3f2be4f56bcfdbb026becb55c977c55710e.exe

Resource

win7-20240729-en

blackmoon banker discovery trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

8df8005d21b9c5a79329eb44966ec3f2be4f56bcfdbb026becb55c977c55710e.exe

Resource

win10v2004-20240802-en

blackmoon banker discovery trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  8df8005d21b9c5a79329eb44966ec3f2be4f56bcfdbb026becb55c977c55710e
- Size
  
  2.4MB
- MD5
  
  17ae52dd6f15e8d2858d698f4e1a4bc0
- SHA1
  
  50ac9e1b177e78cd252c72e79e93b9368bdf80b8
- SHA256
  
  8df8005d21b9c5a79329eb44966ec3f2be4f56bcfdbb026becb55c977c55710e
- SHA512
  
  be7d52780a44e0f44c560970a3a3acf430d4a12908cf61509219a48e11a2754b3caf5208f5cce383bdb81f62dc7b03489028a9d07ca00ab841eae073eae55c3a
- SSDEEP
  
  49152:Zf3eaP4gliiDB52PZ6H617JimVVAMLGx+FZE9A96XDW:ZGaQqn2P8H071DLp/IA95
Score

10^/10

blackmoon banker discovery trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanupx

behavioral2

blackmoonbankerdiscoverytrojanupx

© 2018-2025

Terms | Privacy