blackmoon | 3548ff2252f50b9c7a6bddda5ae6d78ecd54fc0e7396c6e04eda2b7c4a319b0d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

5

3548ff2252...0d.exe

windows7-x64

3548ff2252...0d.exe

windows10-2004-x64

Sharing

General

Target

3548ff2252f50b9c7a6bddda5ae6d78ecd54fc0e7396c6e04eda2b7c4a319b0d
Size

1.4MB
Sample

241010-dz5z2asbrn
MD5

bbcf0b61e89609c55b857e7b721a383d
SHA1

ede9082fd838f08b10e6074ed70f90d6ee2dbc20
SHA256

3548ff2252f50b9c7a6bddda5ae6d78ecd54fc0e7396c6e04eda2b7c4a319b0d
SHA512

d7a38587bc4487f4f2a645555b37ed51f16d110912782dc37667bdf46f2fd160ab2774a7a46123749ed7393efd8cb9c311f700eaa47ad4973deb267a038c1d30
SSDEEP

24576:M6kVbMHt9Ti59958eW2ZMI9v+CQ9t4ssA4MahS0VXzAK1JaUdx/j1WCZHbjJsD63:MFVbgTWk2ZMTI355aqnNbjJT

Score

10^/10

blackmoon banker discovery trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3548ff2252f50b9c7a6bddda5ae6d78ecd54fc0e7396c6e04eda2b7c4a319b0d.exe

Resource

win7-20240903-en

blackmoon banker discovery trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

3548ff2252f50b9c7a6bddda5ae6d78ecd54fc0e7396c6e04eda2b7c4a319b0d.exe

Resource

win10v2004-20241007-en

blackmoon banker discovery trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  3548ff2252f50b9c7a6bddda5ae6d78ecd54fc0e7396c6e04eda2b7c4a319b0d
- Size
  
  1.4MB
- MD5
  
  bbcf0b61e89609c55b857e7b721a383d
- SHA1
  
  ede9082fd838f08b10e6074ed70f90d6ee2dbc20
- SHA256
  
  3548ff2252f50b9c7a6bddda5ae6d78ecd54fc0e7396c6e04eda2b7c4a319b0d
- SHA512
  
  d7a38587bc4487f4f2a645555b37ed51f16d110912782dc37667bdf46f2fd160ab2774a7a46123749ed7393efd8cb9c311f700eaa47ad4973deb267a038c1d30
- SSDEEP
  
  24576:M6kVbMHt9Ti59958eW2ZMI9v+CQ9t4ssA4MahS0VXzAK1JaUdx/j1WCZHbjJsD63:MFVbgTWk2ZMTI355aqnNbjJT
Score

10^/10

blackmoon banker discovery trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanupx

behavioral2

blackmoonbankerdiscoverytrojanupx

© 2018-2025

Terms | Privacy