blackmoon | 5627d076492a8b7162fa17faa34179c427e8042b6ca534a841b8119f3610926e | Triage

Submit
Reports

Overview

overview

Static

static

7

9d279f24e5...18.exe

windows7-x64

9d279f24e5...18.exe

windows10-2004-x64

Sharing

General

Target

9d279f24e5dbe935cb9f953c00b0616b_JaffaCakes118
Size

2.7MB
Sample

241125-wzc85azlgz
MD5

9d279f24e5dbe935cb9f953c00b0616b
SHA1

099913cb8da9d2b3436802b766c11170613172ce
SHA256

5627d076492a8b7162fa17faa34179c427e8042b6ca534a841b8119f3610926e
SHA512

2ba19c19ac7a48cba0eea79ea783bc95e6b917973030de549aa5e3de316e2f49ed207bb003bf77c2c503739e503c7697a20e0384b02eabb7b8f27970c1ea30b4
SSDEEP

49152:gcDDhb3gVpehGvkZGj0Z6LlOAoOgkcYG1qOveAqMCDG7vwnVDwbp6lD3NE3g3IY:jD9bQV4GveLZ6pCYG1qB7MCicnaUdkgH

Score

10^/10

blackmoon aspackv2 banker discovery spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9d279f24e5dbe935cb9f953c00b0616b_JaffaCakes118.exe

Resource

win7-20240903-en

blackmoon banker discovery spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9d279f24e5dbe935cb9f953c00b0616b_JaffaCakes118.exe

Resource

win10v2004-20241007-en

blackmoon banker discovery spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  9d279f24e5dbe935cb9f953c00b0616b_JaffaCakes118
- Size
  
  2.7MB
- MD5
  
  9d279f24e5dbe935cb9f953c00b0616b
- SHA1
  
  099913cb8da9d2b3436802b766c11170613172ce
- SHA256
  
  5627d076492a8b7162fa17faa34179c427e8042b6ca534a841b8119f3610926e
- SHA512
  
  2ba19c19ac7a48cba0eea79ea783bc95e6b917973030de549aa5e3de316e2f49ed207bb003bf77c2c503739e503c7697a20e0384b02eabb7b8f27970c1ea30b4
- SSDEEP
  
  49152:gcDDhb3gVpehGvkZGj0Z6LlOAoOgkcYG1qOveAqMCDG7vwnVDwbp6lD3NE3g3IY:jD9bQV4GveLZ6pCYG1qB7MCicnaUdkgH
Score

10^/10

blackmoon banker discovery spyware stealer trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoveryspywarestealertrojan

behavioral2

blackmoonbankerdiscoveryspywarestealertrojan

© 2018-2025

Terms | Privacy