blackmoon | 86e21c5781de913e5a17fa9b7633c82f9669281ade7ab2aff0dba05d134468b8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

86e21c5781...b8.exe

windows7-x64

86e21c5781...b8.exe

windows10-2004-x64

Sharing

General

Target

86e21c5781de913e5a17fa9b7633c82f9669281ade7ab2aff0dba05d134468b8
Size

4.9MB
Sample

240917-22t8bazepj
MD5

32015ffa59e656dea9ca43bc953655f5
SHA1

dc2d352d93c7d5baf01caa82be5ab07f0a472dc2
SHA256

86e21c5781de913e5a17fa9b7633c82f9669281ade7ab2aff0dba05d134468b8
SHA512

502eca2738943139cb57e884b862aadd052940fe4900ffd46f60f735273bb02a74d51b33dbc6e2a89765be3b4234f47f3056fddb13651f27f7ec77ec943148be
SSDEEP

98304:6ikaW9Vf1T25iCHZWqqVN9iUf4B7iHw3EItOOaQ1+5PxPU:/8hC53q79iz779U5+

Score

10^/10

blackmoon gozi banker discovery isfb persistence privilege_escalation trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

86e21c5781de913e5a17fa9b7633c82f9669281ade7ab2aff0dba05d134468b8.exe

Resource

win7-20240903-en

blackmoon gozi banker discovery isfb persistence privilege_escalation trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

86e21c5781de913e5a17fa9b7633c82f9669281ade7ab2aff0dba05d134468b8.exe

Resource

win10v2004-20240802-en

blackmoon gozi banker discovery isfb persistence privilege_escalation trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  86e21c5781de913e5a17fa9b7633c82f9669281ade7ab2aff0dba05d134468b8
- Size
  
  4.9MB
- MD5
  
  32015ffa59e656dea9ca43bc953655f5
- SHA1
  
  dc2d352d93c7d5baf01caa82be5ab07f0a472dc2
- SHA256
  
  86e21c5781de913e5a17fa9b7633c82f9669281ade7ab2aff0dba05d134468b8
- SHA512
  
  502eca2738943139cb57e884b862aadd052940fe4900ffd46f60f735273bb02a74d51b33dbc6e2a89765be3b4234f47f3056fddb13651f27f7ec77ec943148be
- SSDEEP
  
  98304:6ikaW9Vf1T25iCHZWqqVN9iUf4B7iHw3EItOOaQ1+5PxPU:/8hC53q79iz779U5+
Score

10^/10

blackmoon gozi banker discovery isfb persistence privilege_escalation trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoongozibankerdiscoveryisfbpersistenceprivilege_escalationtrojanupx

behavioral2

blackmoongozibankerdiscoveryisfbpersistenceprivilege_escalationtrojanupx

© 2018-2025

Terms | Privacy