blackmoon | a59956298ca83b926be51a6f06ce0653ad25c5d1fbc774f9045241c023957f4f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

d3e98a6375...18.exe

windows7-x64

d3e98a6375...18.exe

windows10-2004-x64

Sharing

General

Target

d3e98a63755f98df383f5bb10c478dcf_JaffaCakes118
Size

283KB
Sample

240908-j1glqaveln
MD5

d3e98a63755f98df383f5bb10c478dcf
SHA1

9556d68aeebf1e00faf779ecfd263c84a2d3f627
SHA256

a59956298ca83b926be51a6f06ce0653ad25c5d1fbc774f9045241c023957f4f
SHA512

5ef07507bec1f1d5002426e901b1da517f0b9e54018709927b1da1cb2cfb9e7c424fe130afdd732a4d123e0c77aed7ee43c8b20a35387dfcd8f7452cfa8f52cd
SSDEEP

6144:u8lmJK3KPMAFxR2GOcrujXmGuxdw/wIY4RHlA+2fuQkC9boKn:jmJ9z57byjXmGMW/wCFA+22PC9bln

Score

10^/10

blackmoon aspackv2 banker discovery persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d3e98a63755f98df383f5bb10c478dcf_JaffaCakes118.exe

Resource

win7-20240903-en

blackmoon aspackv2 banker discovery persistence trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

d3e98a63755f98df383f5bb10c478dcf_JaffaCakes118.exe

Resource

win10v2004-20240802-en

blackmoon aspackv2 banker discovery persistence trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  d3e98a63755f98df383f5bb10c478dcf_JaffaCakes118
- Size
  
  283KB
- MD5
  
  d3e98a63755f98df383f5bb10c478dcf
- SHA1
  
  9556d68aeebf1e00faf779ecfd263c84a2d3f627
- SHA256
  
  a59956298ca83b926be51a6f06ce0653ad25c5d1fbc774f9045241c023957f4f
- SHA512
  
  5ef07507bec1f1d5002426e901b1da517f0b9e54018709927b1da1cb2cfb9e7c424fe130afdd732a4d123e0c77aed7ee43c8b20a35387dfcd8f7452cfa8f52cd
- SSDEEP
  
  6144:u8lmJK3KPMAFxR2GOcrujXmGuxdw/wIY4RHlA+2fuQkC9boKn:jmJ9z57byjXmGMW/wCFA+22PC9bln
Score

10^/10

blackmoon aspackv2 banker discovery persistence trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonaspackv2bankerdiscoverypersistencetrojan

behavioral2

blackmoonaspackv2bankerdiscoverypersistencetrojan

© 2018-2025

Terms | Privacy