blackmoon | d904a9b6b206b9b8949053788c189ba13b1b615706de859fd5c2f70092ce7348 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

d904a9b6b2...8N.exe

windows7-x64

d904a9b6b2...8N.exe

windows10-2004-x64

Sharing

General

Target

d904a9b6b206b9b8949053788c189ba13b1b615706de859fd5c2f70092ce7348N
Size

60KB
Sample

241018-d1ffrsxdrp
MD5

31df9368bcaad524c0d9467a56a78450
SHA1

2cdbeb9c0ccfb102f1b1e81b53ffb0fe0c9cbd9f
SHA256

d904a9b6b206b9b8949053788c189ba13b1b615706de859fd5c2f70092ce7348
SHA512

29f12a8a24551e1ba51fad1fdb1ea59f13442d8c1c657050e771dce3462ad383688003828739cabb22e7dd5888a462c693b0832ec259fca27c3e0adf28975ea8
SSDEEP

1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuSwFaEul:ymb3NkkiQ3mdBjFIvIFaEu

Score

10^/10

blackmoon banker discovery trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d904a9b6b206b9b8949053788c189ba13b1b615706de859fd5c2f70092ce7348N.exe

Resource

win7-20241010-en

blackmoon banker discovery trojan upx

windows7-x64

6 signatures

120 seconds

Behavioral task

behavioral2

Sample

d904a9b6b206b9b8949053788c189ba13b1b615706de859fd5c2f70092ce7348N.exe

Resource

win10v2004-20241007-en

blackmoon banker discovery trojan upx

windows10-2004-x64

6 signatures

120 seconds

Malware Config

Targets

- Target
  
  d904a9b6b206b9b8949053788c189ba13b1b615706de859fd5c2f70092ce7348N
- Size
  
  60KB
- MD5
  
  31df9368bcaad524c0d9467a56a78450
- SHA1
  
  2cdbeb9c0ccfb102f1b1e81b53ffb0fe0c9cbd9f
- SHA256
  
  d904a9b6b206b9b8949053788c189ba13b1b615706de859fd5c2f70092ce7348
- SHA512
  
  29f12a8a24551e1ba51fad1fdb1ea59f13442d8c1c657050e771dce3462ad383688003828739cabb22e7dd5888a462c693b0832ec259fca27c3e0adf28975ea8
- SSDEEP
  
  1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuSwFaEul:ymb3NkkiQ3mdBjFIvIFaEu
Score

10^/10

blackmoon banker discovery trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanupx

behavioral2

blackmoonbankerdiscoverytrojanupx

© 2018-2025

Terms | Privacy