blackmoon | f0c03114b4abc305c2022d2ca4011a677f9bb0887d8a7215516f6f9bf23453d3 | Triage

Submit
Reports

Overview

overview

Static

static

5

JaffaCakes...d3.exe

windows7-x64

JaffaCakes...d3.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_f0c03114b4abc305c2022d2ca4011a677f9bb0887d8a7215516f6f9bf23453d3
Size

1.2MB
Sample

241225-1bsq5aymhk
MD5

cf7bb4bef620059140fa676bb4d28319
SHA1

595e8b808d77f9c98ae8f099b76952e403d05f14
SHA256

f0c03114b4abc305c2022d2ca4011a677f9bb0887d8a7215516f6f9bf23453d3
SHA512

cdfc06667fcb8753eb906e4a1e79b3f170667c1ee1806edeec0c4ce7165c162505ee99453e048c09709ba0d8d33b0ff874b181734a53cd7729f73b9af246257b
SSDEEP

24576:2B0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:2BSDnV3XRfJ/emAUscMoCVuw

Score

10^/10

blackmoon banker discovery persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_f0c03114b4abc305c2022d2ca4011a677f9bb0887d8a7215516f6f9bf23453d3.exe

Resource

win7-20240903-en

blackmoon banker discovery persistence trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_f0c03114b4abc305c2022d2ca4011a677f9bb0887d8a7215516f6f9bf23453d3.exe

Resource

win10v2004-20241007-en

blackmoon banker discovery persistence trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_f0c03114b4abc305c2022d2ca4011a677f9bb0887d8a7215516f6f9bf23453d3
- Size
  
  1.2MB
- MD5
  
  cf7bb4bef620059140fa676bb4d28319
- SHA1
  
  595e8b808d77f9c98ae8f099b76952e403d05f14
- SHA256
  
  f0c03114b4abc305c2022d2ca4011a677f9bb0887d8a7215516f6f9bf23453d3
- SHA512
  
  cdfc06667fcb8753eb906e4a1e79b3f170667c1ee1806edeec0c4ce7165c162505ee99453e048c09709ba0d8d33b0ff874b181734a53cd7729f73b9af246257b
- SSDEEP
  
  24576:2B0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:2BSDnV3XRfJ/emAUscMoCVuw
Score

10^/10

blackmoon banker discovery persistence trojan upx
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverypersistencetrojanupx

behavioral2

blackmoonbankerdiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy