blackmoon | 1a2321e84b672b1896ab762da561f6282448e152de5e73904ecf6b41905bcf6b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

1a2321e84b...6b.exe

windows7-x64

1a2321e84b...6b.exe

windows10-2004-x64

Sharing

General

Target

1a2321e84b672b1896ab762da561f6282448e152de5e73904ecf6b41905bcf6b
Size

230KB
Sample

240908-x2hr3athje
MD5

517281f7bd56a43094ec1300f76f4e2f
SHA1

26235c95e67a2e5cd3869d5e0c49658c9f6bbef6
SHA256

1a2321e84b672b1896ab762da561f6282448e152de5e73904ecf6b41905bcf6b
SHA512

d2b334d69248fe135cbbb75bd9145dc22b95ede8048302ac8bda138a16b2c3fdf60de55c531a6ced06bbfe1cd0ddc36169ebc12ac568fab67df5e043a7ac02ea
SSDEEP

3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLn/c1fE:n3C9BRo7MlrWKo+lxKk1c

Score

10^/10

blackmoon banker discovery trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1a2321e84b672b1896ab762da561f6282448e152de5e73904ecf6b41905bcf6b.exe

Resource

win7-20240903-en

blackmoon banker discovery trojan upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

1a2321e84b672b1896ab762da561f6282448e152de5e73904ecf6b41905bcf6b.exe

Resource

win10v2004-20240802-en

blackmoon banker discovery trojan upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  1a2321e84b672b1896ab762da561f6282448e152de5e73904ecf6b41905bcf6b
- Size
  
  230KB
- MD5
  
  517281f7bd56a43094ec1300f76f4e2f
- SHA1
  
  26235c95e67a2e5cd3869d5e0c49658c9f6bbef6
- SHA256
  
  1a2321e84b672b1896ab762da561f6282448e152de5e73904ecf6b41905bcf6b
- SHA512
  
  d2b334d69248fe135cbbb75bd9145dc22b95ede8048302ac8bda138a16b2c3fdf60de55c531a6ced06bbfe1cd0ddc36169ebc12ac568fab67df5e043a7ac02ea
- SSDEEP
  
  3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLn/c1fE:n3C9BRo7MlrWKo+lxKk1c
Score

10^/10

blackmoon banker discovery trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanupx

behavioral2

blackmoonbankerdiscoverytrojanupx

© 2018-2025

Terms | Privacy