blackmoon | dfff14709e8e98e61b54fb6c8d86d438fc267431b22662d00b115abc3d7b8198 | Triage

Submit
Reports

Overview

overview

Static

static

7

dfff14709e...98.exe

windows7-x64

dfff14709e...98.exe

windows10-2004-x64

Sharing

General

Target

dfff14709e8e98e61b54fb6c8d86d438fc267431b22662d00b115abc3d7b8198
Size

14.3MB
Sample

240903-feblssyemd
MD5

bd42605795e18b44c775cec9e67204b0
SHA1

6054f82d9ae93f02aecd5dc24b61935bb63da982
SHA256

dfff14709e8e98e61b54fb6c8d86d438fc267431b22662d00b115abc3d7b8198
SHA512

4112018a2068c04911da0e46df76fadb0c7a799a4ebab140edd35323bf3f0b24c5f338fc3a2ef17e7d932804663be35a1bb2a715ac863b25884ddd9a15e20331
SSDEEP

393216:euGRuXHcNIgkQ2viq6gDCFiZqZ2zytHqUVSrdAAo:eumuXHcaQ2vifgeFiZZQKUVdAo

Score

10^/10

blackmoon banker discovery evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

dfff14709e8e98e61b54fb6c8d86d438fc267431b22662d00b115abc3d7b8198.exe

Resource

win7-20240729-en

blackmoon banker discovery evasion themida trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

dfff14709e8e98e61b54fb6c8d86d438fc267431b22662d00b115abc3d7b8198.exe

Resource

win10v2004-20240802-en

blackmoon banker discovery evasion themida trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  dfff14709e8e98e61b54fb6c8d86d438fc267431b22662d00b115abc3d7b8198
- Size
  
  14.3MB
- MD5
  
  bd42605795e18b44c775cec9e67204b0
- SHA1
  
  6054f82d9ae93f02aecd5dc24b61935bb63da982
- SHA256
  
  dfff14709e8e98e61b54fb6c8d86d438fc267431b22662d00b115abc3d7b8198
- SHA512
  
  4112018a2068c04911da0e46df76fadb0c7a799a4ebab140edd35323bf3f0b24c5f338fc3a2ef17e7d932804663be35a1bb2a715ac863b25884ddd9a15e20331
- SSDEEP
  
  393216:euGRuXHcNIgkQ2viq6gDCFiZqZ2zytHqUVSrdAAo:eumuXHcaQ2vifgeFiZZQKUVdAo
Score

10^/10

blackmoon banker discovery evasion themida trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoveryevasionthemidatrojan

behavioral2

blackmoonbankerdiscoveryevasionthemidatrojan

© 2018-2025

Terms | Privacy