blackmoon | 4c3a6331387f37800b414e0548cbd59dde3c101d8b8b931fbee54c7897066439 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

4c3a633138...39.exe

windows7-x64

4c3a633138...39.exe

windows10-2004-x64

Sharing

General

Target

4c3a6331387f37800b414e0548cbd59dde3c101d8b8b931fbee54c7897066439
Size

8.7MB
Sample

241002-zhkhnaygrg
MD5

55be826ed814cf1ba2d7d3b48727d847
SHA1

c2d0c2f98508039dcaa08843d9ece01d5275d4bf
SHA256

4c3a6331387f37800b414e0548cbd59dde3c101d8b8b931fbee54c7897066439
SHA512

4f08f2aa8f4d99be48f4c82cb91305f0e67436523e7e7fadcc1da0347ead456ea354bc9813e8449959bdf40517d94cfb690dc8448307b4ab2dd1cb3cc86a30b0
SSDEEP

196608:ymrEEL55UopMitAGaEXq1k3jZvOjtGPdFYgvAlEL2x8rZ0oPH7JkdcylVwO:PhX6G41kTROjWd/vA+2xk0SH7ydcF

Score

10^/10

blackmoon banker discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4c3a6331387f37800b414e0548cbd59dde3c101d8b8b931fbee54c7897066439.exe

Resource

win7-20240903-en

blackmoon banker discovery trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

4c3a6331387f37800b414e0548cbd59dde3c101d8b8b931fbee54c7897066439.exe

Resource

win10v2004-20240802-en

blackmoon banker discovery trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  4c3a6331387f37800b414e0548cbd59dde3c101d8b8b931fbee54c7897066439
- Size
  
  8.7MB
- MD5
  
  55be826ed814cf1ba2d7d3b48727d847
- SHA1
  
  c2d0c2f98508039dcaa08843d9ece01d5275d4bf
- SHA256
  
  4c3a6331387f37800b414e0548cbd59dde3c101d8b8b931fbee54c7897066439
- SHA512
  
  4f08f2aa8f4d99be48f4c82cb91305f0e67436523e7e7fadcc1da0347ead456ea354bc9813e8449959bdf40517d94cfb690dc8448307b4ab2dd1cb3cc86a30b0
- SSDEEP
  
  196608:ymrEEL55UopMitAGaEXq1k3jZvOjtGPdFYgvAlEL2x8rZ0oPH7JkdcylVwO:PhX6G41kTROjWd/vA+2xk0SH7ydcF
Score

10^/10

blackmoon banker discovery trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojan

behavioral2

blackmoonbankerdiscoverytrojan

© 2018-2025

Terms | Privacy