blackmoon | 97d1f96fc0b6f143e003389c52edb73442169f7b98cf4eed16a97bc8cb196124 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

造梦西�...��.url

windows7-x64

1

造梦西�...��.url

windows10-2004-x64

1

造梦西�...��.exe

windows7-x64

造梦西�...��.exe

windows10-2004-x64

Sharing

General

Target

0ce1b53b080ffd1cff0dc6e8db14a9c0_JaffaCakes118
Size

205KB
Sample

241002-3dwlxaweqf
MD5

0ce1b53b080ffd1cff0dc6e8db14a9c0
SHA1

c90a8c046dee9d01389d89a2f6339ec2bfb317d8
SHA256

97d1f96fc0b6f143e003389c52edb73442169f7b98cf4eed16a97bc8cb196124
SHA512

3db1e551a1b9566d3f4f71b8a1f23e95fc00d838750d0e7273f44831f5d0f2ae710e46645efbb58a6b9c8d356d9c8e481f547c962e7b6f6faac60fb8b2b8099c
SSDEEP

6144:pqBn/sWbOEoYsgGng4AGOtD8tAx7raWtkkI:g5/5/On4GOuOraWhI

Score

10^/10

blackmoon banker discovery trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

造梦西游5辅助/更多软件下载.url

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

造梦西游5辅助/更多软件下载.url

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

造梦西游5魂殇修改器.exe

Resource

win7-20240729-en

blackmoon banker discovery trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral4

Sample

造梦西游5魂殇修改器.exe

Resource

win10v2004-20240802-en

blackmoon banker discovery trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  造梦西游5辅助/更多软件下载.url
- Size
  
  219B
- MD5
  
  122e953f3a92541c27cc62db2d9bb0f7
- SHA1
  
  5c85d98b4bce0daac9631297ddb00b005161d131
- SHA256
  
  5bf9390d32df4da5ddb91425fc5002768a85305964a8e0cb8eda391b4b6511dd
- SHA512
  
  77240964186d2e9c9c73ed6bf13edccaeb40c0d8cbf477080c9a40a76d044964330e97421e4b45818bfbb2688e6bfaf6720a52f2efdd3b944f3624b1b5767583
Score

1^/10
behavioral1 behavioral2
- Target
  
  造梦西游5魂殇修改器.exe
- Size
  
  468KB
- MD5
  
  59d71e81bca65c7f790d33d317dbe4cc
- SHA1
  
  01fa3b6561274da9d1c5550679e092033a3bb2af
- SHA256
  
  fe5fa6f567d0d5b03e1e38d922fbbfab5f687e2192ffc0585c87dea14f00146c
- SHA512
  
  d7a6990b6298e812ca014521a2a4a0976654eb8fb9d0a4911a1576f37b393d70a7f245e9b52aa074e1c3d9fe917093319f32c70017eb7e911f3937be67d4ff21
- SSDEEP
  
  6144:6a4f07to4inSxvRUNzasgXO88SqER3GsAp5/pv:N4f0a4iSxgzasgP75RNA
Score

10^/10

blackmoon banker discovery trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

blackmoonbankerdiscoverytrojan

behavioral4

blackmoonbankerdiscoverytrojan

© 2018-2025

Terms | Privacy