blackmoon | 4abbc34a815105605889a5ca7a686db285d9be6d0b5a1985a050c98771aa0c35 | Triage

Submit
Reports

Overview

overview

Static

static

3

4abbc34a81...35.exe

windows7-x64

4abbc34a81...35.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

4abbc34a815105605889a5ca7a686db285d9be6d0b5a1985a050c98771aa0c35
Size

9.4MB
Sample

240911-yvle2szgkp
MD5

fec06a55f3d891205feae67542e26a4c
SHA1

058d02466d8c1a9a6d581e8be80770138a3814e9
SHA256

4abbc34a815105605889a5ca7a686db285d9be6d0b5a1985a050c98771aa0c35
SHA512

d2b078debba67b059170562eef980325c08fb262825e27a5141f2e6cf6cf7a00c17d7f56891e83bebdf726215f5819a85f9063e10722b91c1dc655628e4f7ca9
SSDEEP

196608:10/mS/lrNDbtXRd6SdJN75tLj/B1DW/RG768DIbIKXDXu0RBBY1F3B9pjTg:iO0lFbN6ydLj/L768EkKzXuABB2B9pjU

Score

10^/10

blackmoon banker discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4abbc34a815105605889a5ca7a686db285d9be6d0b5a1985a050c98771aa0c35.exe

Resource

win7-20240903-en

blackmoon banker discovery trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

4abbc34a815105605889a5ca7a686db285d9be6d0b5a1985a050c98771aa0c35.exe

Resource

win10v2004-20240802-en

blackmoon banker discovery trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  4abbc34a815105605889a5ca7a686db285d9be6d0b5a1985a050c98771aa0c35
- Size
  
  9.4MB
- MD5
  
  fec06a55f3d891205feae67542e26a4c
- SHA1
  
  058d02466d8c1a9a6d581e8be80770138a3814e9
- SHA256
  
  4abbc34a815105605889a5ca7a686db285d9be6d0b5a1985a050c98771aa0c35
- SHA512
  
  d2b078debba67b059170562eef980325c08fb262825e27a5141f2e6cf6cf7a00c17d7f56891e83bebdf726215f5819a85f9063e10722b91c1dc655628e4f7ca9
- SSDEEP
  
  196608:10/mS/lrNDbtXRd6SdJN75tLj/B1DW/RG768DIbIKXDXu0RBBY1F3B9pjTg:iO0lFbN6ydLj/L768EkKzXuABB2B9pjU
Score

10^/10

blackmoon banker discovery trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojan

behavioral2

blackmoonbankerdiscoverytrojan

© 2018-2025

Terms | Privacy