blackmoon | b04e25273a623e1018cc7802c020e2ea526570c96f0e64496d3c7d3eaac4efac | Triage

Submit
Reports

Overview

overview

Static

static

3

eb48fc5b74...18.exe

windows7-x64

eb48fc5b74...18.exe

windows10-2004-x64

Sharing

General

Target

eb48fc5b74bd3046d4b7cba0ddbf401d_JaffaCakes118
Size

100KB
Sample

240919-n4bbbsxbjc
MD5

eb48fc5b74bd3046d4b7cba0ddbf401d
SHA1

a1f67a7593043df3ab0230b293de1bfd9794c7a8
SHA256

b04e25273a623e1018cc7802c020e2ea526570c96f0e64496d3c7d3eaac4efac
SHA512

fb3efd8b8c0edcc404d4f09151ad46a3b3fb1e81ffb1dfce083ae5d87974a6c07e176ae1e871d31cd1ec2581551124dc5e4ef65ae9ae1870cf3fae02f474725a
SSDEEP

3072:fBnd3YXHOXck48SBwQgnSxld2Wi0oVpZOm364eDx:fBndok4VSnqlmdhS

Score

10^/10

blackmoon banker discovery persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

eb48fc5b74bd3046d4b7cba0ddbf401d_JaffaCakes118.exe

Resource

win7-20240903-en

blackmoon banker discovery persistence trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

eb48fc5b74bd3046d4b7cba0ddbf401d_JaffaCakes118.exe

Resource

win10v2004-20240802-en

blackmoon banker discovery persistence trojan upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  eb48fc5b74bd3046d4b7cba0ddbf401d_JaffaCakes118
- Size
  
  100KB
- MD5
  
  eb48fc5b74bd3046d4b7cba0ddbf401d
- SHA1
  
  a1f67a7593043df3ab0230b293de1bfd9794c7a8
- SHA256
  
  b04e25273a623e1018cc7802c020e2ea526570c96f0e64496d3c7d3eaac4efac
- SHA512
  
  fb3efd8b8c0edcc404d4f09151ad46a3b3fb1e81ffb1dfce083ae5d87974a6c07e176ae1e871d31cd1ec2581551124dc5e4ef65ae9ae1870cf3fae02f474725a
- SSDEEP
  
  3072:fBnd3YXHOXck48SBwQgnSxld2Wi0oVpZOm364eDx:fBndok4VSnqlmdhS
Score

10^/10

blackmoon banker discovery persistence trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverypersistencetrojanupx

behavioral2

blackmoonbankerdiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy