blackmoon | fd515df48333b61e1c5654b37577276bb0e3f608cf27e1313ba8ae8433040fbf | Triage

Submit
Reports

Overview

overview

Static

static

5

fd515df483...bf.exe

windows7-x64

fd515df483...bf.exe

windows10-2004-x64

Sharing

General

Target

fd515df48333b61e1c5654b37577276bb0e3f608cf27e1313ba8ae8433040fbf.exe
Size

70KB
Sample

241217-x8ptysvqgv
MD5

3f3695f7514ba291fdaa2a70b3e37db7
SHA1

55a26f1a7283d5fef987987e368ea9edfbee2590
SHA256

fd515df48333b61e1c5654b37577276bb0e3f608cf27e1313ba8ae8433040fbf
SHA512

0a202da9cf109d85d52d414cc41697bf912bd3361c00041078f3526579485105a8bb469f5a1882cbe3515ae229e3868242194b74886fa00699e6d4b58dcd2c36
SSDEEP

1536:0vQBeOGtrYS3srx93UBWfwC6Ggnouy8CUYj7qQhtr+mCaWVzC:0hOmTsF93UYfwC6GIoutX8hUDG

Score

10^/10

blackmoon banker discovery trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fd515df48333b61e1c5654b37577276bb0e3f608cf27e1313ba8ae8433040fbf.exe

Resource

win7-20241010-en

blackmoon banker discovery trojan upx

windows7-x64

7 signatures

120 seconds

Behavioral task

behavioral2

Sample

fd515df48333b61e1c5654b37577276bb0e3f608cf27e1313ba8ae8433040fbf.exe

Resource

win10v2004-20241007-en

blackmoon banker discovery trojan upx

windows10-2004-x64

7 signatures

120 seconds

Malware Config

Targets

- Target
  
  fd515df48333b61e1c5654b37577276bb0e3f608cf27e1313ba8ae8433040fbf.exe
- Size
  
  70KB
- MD5
  
  3f3695f7514ba291fdaa2a70b3e37db7
- SHA1
  
  55a26f1a7283d5fef987987e368ea9edfbee2590
- SHA256
  
  fd515df48333b61e1c5654b37577276bb0e3f608cf27e1313ba8ae8433040fbf
- SHA512
  
  0a202da9cf109d85d52d414cc41697bf912bd3361c00041078f3526579485105a8bb469f5a1882cbe3515ae229e3868242194b74886fa00699e6d4b58dcd2c36
- SSDEEP
  
  1536:0vQBeOGtrYS3srx93UBWfwC6Ggnouy8CUYj7qQhtr+mCaWVzC:0hOmTsF93UYfwC6GIoutX8hUDG
Score

10^/10

blackmoon banker discovery trojan upx
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanupx

behavioral2

blackmoonbankerdiscoverytrojanupx

© 2018-2025

Terms | Privacy