blackmoon | 4f955c852c99136e35b2933cc31d6eb0b17637b6e4a82855c7729d2fd4722ba3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

4f955c852c...a3.dll

windows7-x64

4f955c852c...a3.dll

windows10-2004-x64

Sharing

General

Target

4f955c852c99136e35b2933cc31d6eb0b17637b6e4a82855c7729d2fd4722ba3
Size

568KB
Sample

240907-jg629ssgjf
MD5

b8f8d5ebb2e5ceb1be6cce0d9b507348
SHA1

da2bfb5c28673e5db756709a88dabac0c723c1bf
SHA256

4f955c852c99136e35b2933cc31d6eb0b17637b6e4a82855c7729d2fd4722ba3
SHA512

6f217ff4ed7812676bdf16dc69644871eb015e5d25676ce7a7cabca175aa6b669b93c8ac2ff595173012633b8d6ec62288df804c3bec020846af9ddac06bedcc
SSDEEP

12288:hTKhyGHAMo1ltnM0fcSzUt7XcdGb9rq+G0e/KhsB:h8nHg1lJM0UeUp4t/Kh

Score

10^/10

blackmoon banker discovery trojan vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4f955c852c99136e35b2933cc31d6eb0b17637b6e4a82855c7729d2fd4722ba3.dll

Resource

win7-20240708-en

blackmoon banker discovery trojan vmprotect

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

4f955c852c99136e35b2933cc31d6eb0b17637b6e4a82855c7729d2fd4722ba3.dll

Resource

win10v2004-20240802-en

blackmoon banker discovery trojan vmprotect

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  4f955c852c99136e35b2933cc31d6eb0b17637b6e4a82855c7729d2fd4722ba3
- Size
  
  568KB
- MD5
  
  b8f8d5ebb2e5ceb1be6cce0d9b507348
- SHA1
  
  da2bfb5c28673e5db756709a88dabac0c723c1bf
- SHA256
  
  4f955c852c99136e35b2933cc31d6eb0b17637b6e4a82855c7729d2fd4722ba3
- SHA512
  
  6f217ff4ed7812676bdf16dc69644871eb015e5d25676ce7a7cabca175aa6b669b93c8ac2ff595173012633b8d6ec62288df804c3bec020846af9ddac06bedcc
- SSDEEP
  
  12288:hTKhyGHAMo1ltnM0fcSzUt7XcdGb9rq+G0e/KhsB:h8nHg1lJM0UeUp4t/Kh
Score

10^/10

blackmoon banker discovery trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanvmprotect

behavioral2

blackmoonbankerdiscoverytrojanvmprotect

© 2018-2025

Terms | Privacy