blackmoon | 1f726e54200936fa3a52f685ee1e37cf66a7e6d3313f8bfcba42ae0363b653c1 | Triage

Submit
Reports

Overview

overview

Static

static

1f726e5420...c1.exe

windows7-x64

1f726e5420...c1.exe

windows10-2004-x64

Sharing

General

Target

1f726e54200936fa3a52f685ee1e37cf66a7e6d3313f8bfcba42ae0363b653c1
Size

485KB
Sample

240918-xz7y6sydmc
MD5

a73729110af72f656a3d255bf48ae9e1
SHA1

64c799d5a4d60d781a5baa97239f805ec690b0a0
SHA256

1f726e54200936fa3a52f685ee1e37cf66a7e6d3313f8bfcba42ae0363b653c1
SHA512

ab6374f73f20ef42bd78c1a8d40428c26fb2dc3058749772cd7a06a75fb67ccaededf30bcbf99ad9c3820a365a09b2f69862f97dc6051a31190e55907bb0ef83
SSDEEP

6144:n3C9BRo7tvnJ9oH0IRgZvjkUo7tvnJ9oH0IiVByq9CPobNVV:n3C9ytvngQjgtvngSV3CPobNVV

Score

10^/10

blackmoon njrat banker discovery trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1f726e54200936fa3a52f685ee1e37cf66a7e6d3313f8bfcba42ae0363b653c1.exe

Resource

win7-20240903-en

blackmoon njrat banker discovery trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1f726e54200936fa3a52f685ee1e37cf66a7e6d3313f8bfcba42ae0363b653c1.exe

Resource

win10v2004-20240802-en

blackmoon njrat banker discovery trojan upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  1f726e54200936fa3a52f685ee1e37cf66a7e6d3313f8bfcba42ae0363b653c1
- Size
  
  485KB
- MD5
  
  a73729110af72f656a3d255bf48ae9e1
- SHA1
  
  64c799d5a4d60d781a5baa97239f805ec690b0a0
- SHA256
  
  1f726e54200936fa3a52f685ee1e37cf66a7e6d3313f8bfcba42ae0363b653c1
- SHA512
  
  ab6374f73f20ef42bd78c1a8d40428c26fb2dc3058749772cd7a06a75fb67ccaededf30bcbf99ad9c3820a365a09b2f69862f97dc6051a31190e55907bb0ef83
- SSDEEP
  
  6144:n3C9BRo7tvnJ9oH0IRgZvjkUo7tvnJ9oH0IiVByq9CPobNVV:n3C9ytvngQjgtvngSV3CPobNVV
Score

10^/10

blackmoon njrat banker discovery trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonnjratbankerdiscoverytrojanupx

behavioral2

blackmoonnjratbankerdiscoverytrojanupx

© 2018-2025

Terms | Privacy