blackmoon | 027b1105ae474cb53c12c847688ff41715ba0b74638000291d7d7d8da9a2891b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

027b1105ae...bN.exe

windows7-x64

027b1105ae...bN.exe

windows10-2004-x64

Sharing

General

Target

027b1105ae474cb53c12c847688ff41715ba0b74638000291d7d7d8da9a2891bN
Size

80KB
Sample

240930-dkrh4aygpb
MD5

03195d14c12a391bff77049cc121a240
SHA1

4ebd807db9270f9bf794b1754b76b8d9be14e19d
SHA256

027b1105ae474cb53c12c847688ff41715ba0b74638000291d7d7d8da9a2891b
SHA512

be31a3a395889eaa8e3d7286608ac6204349cdbb685fc736961439032ea842e05751ae94f81140b0dc6c849b876e3094f6929befa1b16337598bdad7b2a247ed
SSDEEP

1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rINFE4yeCH:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCu4T

Score

10^/10

blackmoon banker discovery trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

027b1105ae474cb53c12c847688ff41715ba0b74638000291d7d7d8da9a2891bN.exe

Resource

win7-20240903-en

blackmoon banker discovery trojan upx

windows7-x64

6 signatures

120 seconds

Behavioral task

behavioral2

Sample

027b1105ae474cb53c12c847688ff41715ba0b74638000291d7d7d8da9a2891bN.exe

Resource

win10v2004-20240802-en

blackmoon banker discovery trojan upx

windows10-2004-x64

6 signatures

120 seconds

Malware Config

Targets

- Target
  
  027b1105ae474cb53c12c847688ff41715ba0b74638000291d7d7d8da9a2891bN
- Size
  
  80KB
- MD5
  
  03195d14c12a391bff77049cc121a240
- SHA1
  
  4ebd807db9270f9bf794b1754b76b8d9be14e19d
- SHA256
  
  027b1105ae474cb53c12c847688ff41715ba0b74638000291d7d7d8da9a2891b
- SHA512
  
  be31a3a395889eaa8e3d7286608ac6204349cdbb685fc736961439032ea842e05751ae94f81140b0dc6c849b876e3094f6929befa1b16337598bdad7b2a247ed
- SSDEEP
  
  1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rINFE4yeCH:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCu4T
Score

10^/10

blackmoon banker discovery trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanupx

behavioral2

blackmoonbankerdiscoverytrojanupx

© 2018-2025

Terms | Privacy