blackmoon | 813fb50d53dfb907563422867fc86c92205da4270601864112a9f5f0cd2d8c4a | Triage

Submit
Reports

Overview

overview

Static

static

813fb50d53...4a.exe

windows7-x64

7

813fb50d53...4a.exe

windows10-2004-x64

Sharing

General

Target

813fb50d53dfb907563422867fc86c92205da4270601864112a9f5f0cd2d8c4a
Size

800KB
Sample

240908-1a7tnawdnj
MD5

3454759bcf05521d84822ba5d16614f7
SHA1

c3bc8cd4c8dcb2897b653ede3fa209401d64fbd3
SHA256

813fb50d53dfb907563422867fc86c92205da4270601864112a9f5f0cd2d8c4a
SHA512

450a5a767801199fc9fdde39c3b78cdd85b4297d319dd9807a73c8d14b5ffb98330319a84a8b20fc834af4eb05663ba8d163302f7d2b1af0ef47e5348186ba95
SSDEEP

3072:8ewG8fbqPsdE2NTlHwLTiQ1clyZt5m8v2pbz8tRgw9qnYR/11Q:8ewG8fssdE0TlHOTimghVBERZ9qnY

Score

10^/10

blackmoon banker discovery trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

813fb50d53dfb907563422867fc86c92205da4270601864112a9f5f0cd2d8c4a.exe

Resource

win7-20240729-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

813fb50d53dfb907563422867fc86c92205da4270601864112a9f5f0cd2d8c4a.exe

Resource

win10v2004-20240802-en

blackmoon banker discovery trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  813fb50d53dfb907563422867fc86c92205da4270601864112a9f5f0cd2d8c4a
- Size
  
  800KB
- MD5
  
  3454759bcf05521d84822ba5d16614f7
- SHA1
  
  c3bc8cd4c8dcb2897b653ede3fa209401d64fbd3
- SHA256
  
  813fb50d53dfb907563422867fc86c92205da4270601864112a9f5f0cd2d8c4a
- SHA512
  
  450a5a767801199fc9fdde39c3b78cdd85b4297d319dd9807a73c8d14b5ffb98330319a84a8b20fc834af4eb05663ba8d163302f7d2b1af0ef47e5348186ba95
- SSDEEP
  
  3072:8ewG8fbqPsdE2NTlHwLTiQ1clyZt5m8v2pbz8tRgw9qnYR/11Q:8ewG8fssdE0TlHOTimghVBERZ9qnY
Score

10^/10

discovery upx blackmoon banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

blackmoonbankerdiscoverytrojanupx

© 2018-2025

Terms | Privacy