blackmoon | c961b2e6f55bb61679b05fc2f7682b9b9dc38a8ebed6d13a765b5616c02537a4 | Triage

Submit
Reports

Overview

overview

Static

static

5

c961b2e6f5...a4.exe

windows7-x64

c961b2e6f5...a4.exe

windows10-2004-x64

Sharing

General

Target

c961b2e6f55bb61679b05fc2f7682b9b9dc38a8ebed6d13a765b5616c02537a4.exe
Size

69KB
Sample

241125-csfwwssrc1
MD5

edb9a65619a546dd5a1b6575fbdc8c4a
SHA1

ce51a59dd2a56d26fbc39fd49e8466dab85a60c9
SHA256

c961b2e6f55bb61679b05fc2f7682b9b9dc38a8ebed6d13a765b5616c02537a4
SHA512

39e37f58d7762bd1d7904068d1c7ca675e7f1652fda9d3dfefcb5a66a83b7f8d70dac3d6bef23c140f4d7eebed639f42ec23d3cb581c8e885c4244ae0ea5626b
SSDEEP

1536:TPyr5BWPJgzJrQsA4MJ8SS5gq9a2pJ+jZOb4W9nouy8aV:T6DJrXAnHmgMJ+dOnFoutaV

Score

10^/10

blackmoon banker discovery trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

c961b2e6f55bb61679b05fc2f7682b9b9dc38a8ebed6d13a765b5616c02537a4.exe

Resource

win7-20241023-en

blackmoon banker discovery trojan upx

windows7-x64

11 signatures

120 seconds

Behavioral task

behavioral2

Sample

c961b2e6f55bb61679b05fc2f7682b9b9dc38a8ebed6d13a765b5616c02537a4.exe

Resource

win10v2004-20241007-en

blackmoon banker discovery trojan upx

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Targets

- Target
  
  c961b2e6f55bb61679b05fc2f7682b9b9dc38a8ebed6d13a765b5616c02537a4.exe
- Size
  
  69KB
- MD5
  
  edb9a65619a546dd5a1b6575fbdc8c4a
- SHA1
  
  ce51a59dd2a56d26fbc39fd49e8466dab85a60c9
- SHA256
  
  c961b2e6f55bb61679b05fc2f7682b9b9dc38a8ebed6d13a765b5616c02537a4
- SHA512
  
  39e37f58d7762bd1d7904068d1c7ca675e7f1652fda9d3dfefcb5a66a83b7f8d70dac3d6bef23c140f4d7eebed639f42ec23d3cb581c8e885c4244ae0ea5626b
- SSDEEP
  
  1536:TPyr5BWPJgzJrQsA4MJ8SS5gq9a2pJ+jZOb4W9nouy8aV:T6DJrXAnHmgMJ+dOnFoutaV
Score

10^/10

blackmoon banker discovery trojan upx
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanupx

behavioral2

blackmoonbankerdiscoverytrojanupx

© 2018-2025

Terms | Privacy