blackmoon | cc63a8d887d228cc029b25cd99efc577b05b38da0fd8a4f7e43ef6c6f2a4f03c | Triage

Submit
Reports

Overview

overview

Static

static

3

cc63a8d887...3c.exe

windows7-x64

cc63a8d887...3c.exe

windows10-2004-x64

Sharing

General

Target

cc63a8d887d228cc029b25cd99efc577b05b38da0fd8a4f7e43ef6c6f2a4f03c
Size

9.5MB
Sample

241218-y1e58a1mfr
MD5

23b242a8fbb89af6f7c636e04d2bbd8c
SHA1

111b4bf14ea316484ec6cdedd389ea421a696355
SHA256

cc63a8d887d228cc029b25cd99efc577b05b38da0fd8a4f7e43ef6c6f2a4f03c
SHA512

8f57404aebf7d31179078d354dff7e0db58b2ad2e0054f1caafef91dfce83877e8c051affecae267a44518cc558642080aef3c28d84dbd133a0ad7dfac9b6c20
SSDEEP

196608:10/mSdYvk/YoINOfjgQHwQbz/wA1bEGSFwCkYWI9whTufOXv7:iOBvkZ3fj9rzoA1bbUwWTKTuoj

Score

10^/10

blackmoon banker discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cc63a8d887d228cc029b25cd99efc577b05b38da0fd8a4f7e43ef6c6f2a4f03c.exe

Resource

win7-20241010-en

blackmoon banker discovery trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

cc63a8d887d228cc029b25cd99efc577b05b38da0fd8a4f7e43ef6c6f2a4f03c.exe

Resource

win10v2004-20241007-en

blackmoon banker discovery trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  cc63a8d887d228cc029b25cd99efc577b05b38da0fd8a4f7e43ef6c6f2a4f03c
- Size
  
  9.5MB
- MD5
  
  23b242a8fbb89af6f7c636e04d2bbd8c
- SHA1
  
  111b4bf14ea316484ec6cdedd389ea421a696355
- SHA256
  
  cc63a8d887d228cc029b25cd99efc577b05b38da0fd8a4f7e43ef6c6f2a4f03c
- SHA512
  
  8f57404aebf7d31179078d354dff7e0db58b2ad2e0054f1caafef91dfce83877e8c051affecae267a44518cc558642080aef3c28d84dbd133a0ad7dfac9b6c20
- SSDEEP
  
  196608:10/mSdYvk/YoINOfjgQHwQbz/wA1bEGSFwCkYWI9whTufOXv7:iOBvkZ3fj9rzoA1bbUwWTKTuoj
Score

10^/10

blackmoon banker discovery trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojan

behavioral2

blackmoonbankerdiscoverytrojan

© 2018-2025

Terms | Privacy