blackmoon | b968d3e0114df07d141407588b765d5a8ee45a45ddfeb009e9b227ffd4dc9912 | Triage

Submit
Reports

Overview

overview

Static

static

3

b968d3e011...12.exe

windows7-x64

b968d3e011...12.exe

windows10-2004-x64

Sharing

General

Target

b968d3e0114df07d141407588b765d5a8ee45a45ddfeb009e9b227ffd4dc9912
Size

3.0MB
Sample

241119-m468bszmen
MD5

3ef441b09d3e745fd2f7d28754bed1e8
SHA1

3fb29d3f78b63b640582e5f7a69189bc7485efab
SHA256

b968d3e0114df07d141407588b765d5a8ee45a45ddfeb009e9b227ffd4dc9912
SHA512

af92f959bcba3f4dbe0058f769b86ef5b77b2e3ec60192ac8610133b512792cfd6521152f32bbc3bcfede77a9f444d742e5f65a1ebbe78726d1672025101fa00
SSDEEP

49152:3eaAsvs9gpQrwlMOJdoR5KfYrhAQklXM74svVnomdrUGhUvgCjOwZH6fwQRorRO:3nqCwauR53h6lXMkUnosZhUnjvZH6oQZ

Score

10^/10

blackmoon banker discovery evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b968d3e0114df07d141407588b765d5a8ee45a45ddfeb009e9b227ffd4dc9912.exe

Resource

win7-20240903-en

blackmoon banker discovery evasion trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

b968d3e0114df07d141407588b765d5a8ee45a45ddfeb009e9b227ffd4dc9912.exe

Resource

win10v2004-20241007-en

blackmoon banker discovery evasion trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  b968d3e0114df07d141407588b765d5a8ee45a45ddfeb009e9b227ffd4dc9912
- Size
  
  3.0MB
- MD5
  
  3ef441b09d3e745fd2f7d28754bed1e8
- SHA1
  
  3fb29d3f78b63b640582e5f7a69189bc7485efab
- SHA256
  
  b968d3e0114df07d141407588b765d5a8ee45a45ddfeb009e9b227ffd4dc9912
- SHA512
  
  af92f959bcba3f4dbe0058f769b86ef5b77b2e3ec60192ac8610133b512792cfd6521152f32bbc3bcfede77a9f444d742e5f65a1ebbe78726d1672025101fa00
- SSDEEP
  
  49152:3eaAsvs9gpQrwlMOJdoR5KfYrhAQklXM74svVnomdrUGhUvgCjOwZH6fwQRorRO:3nqCwauR53h6lXMkUnosZhUnjvZH6oQZ
Score

10^/10

blackmoon banker discovery evasion trojan upx
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- UAC bypass
  evasion trojan
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoveryevasiontrojanupx

behavioral2

blackmoonbankerdiscoveryevasiontrojanupx

© 2018-2025

Terms | Privacy