blackmoon | 30d4ef807af7d8e8791aeb8f4eeea499a9ab0d961492dc97cbbd1d46c1ff1db9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

30d4ef807a...b9.exe

windows7-x64

30d4ef807a...b9.exe

windows10-2004-x64

Sharing

General

Target

30d4ef807af7d8e8791aeb8f4eeea499a9ab0d961492dc97cbbd1d46c1ff1db9
Size

6.4MB
Sample

240913-htcths1apa
MD5

dcbdd831f36abea3aa671235d45d8617
SHA1

def917bf8c8fef22dc701af46a8157c6e3aa6114
SHA256

30d4ef807af7d8e8791aeb8f4eeea499a9ab0d961492dc97cbbd1d46c1ff1db9
SHA512

e830e00f1bcb038d771cd3f5a78157500b0d33d964433611dd5f25e32240de887d7f5cdb2cfcdb8496fbf0c09dcdc91ba93023a0fb8cfb867eed289db8dc0bad
SSDEEP

98304:BxMsFme9BLT2nmYQNwlt9lQoVf2B3eoh7whgBiux19C1B5BaL7HRJPfaL:B2aBLqnmY8wjpUO8gYx19YTq7HLK

Score

10^/10

blackmoon banker discovery trojan vmprotect

Static task

static1

vmprotect blackmoon

4 signatures

Behavioral task

behavioral1

Sample

30d4ef807af7d8e8791aeb8f4eeea499a9ab0d961492dc97cbbd1d46c1ff1db9.exe

Resource

win7-20240704-en

blackmoon banker discovery trojan vmprotect

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

30d4ef807af7d8e8791aeb8f4eeea499a9ab0d961492dc97cbbd1d46c1ff1db9.exe

Resource

win10v2004-20240802-en

blackmoon banker discovery trojan vmprotect

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  30d4ef807af7d8e8791aeb8f4eeea499a9ab0d961492dc97cbbd1d46c1ff1db9
- Size
  
  6.4MB
- MD5
  
  dcbdd831f36abea3aa671235d45d8617
- SHA1
  
  def917bf8c8fef22dc701af46a8157c6e3aa6114
- SHA256
  
  30d4ef807af7d8e8791aeb8f4eeea499a9ab0d961492dc97cbbd1d46c1ff1db9
- SHA512
  
  e830e00f1bcb038d771cd3f5a78157500b0d33d964433611dd5f25e32240de887d7f5cdb2cfcdb8496fbf0c09dcdc91ba93023a0fb8cfb867eed289db8dc0bad
- SSDEEP
  
  98304:BxMsFme9BLT2nmYQNwlt9lQoVf2B3eoh7whgBiux19C1B5BaL7HRJPfaL:B2aBLqnmY8wjpUO8gYx19YTq7HLK
Score

10^/10

blackmoon banker discovery trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

vmprotectblackmoon

behavioral1

blackmoonbankerdiscoverytrojanvmprotect

behavioral2

blackmoonbankerdiscoverytrojanvmprotect

© 2018-2025

Terms | Privacy