blackmoon | 45ee6693f429120d248d587d46d8326eeb62c2cb4523fd0474cafe7a833cf43d | Triage

Submit
Reports

Overview

overview

Static

static

45ee6693f4...dN.exe

windows7-x64

45ee6693f4...dN.exe

windows10-2004-x64

Sharing

General

Target

45ee6693f429120d248d587d46d8326eeb62c2cb4523fd0474cafe7a833cf43dN.exe
Size

2.3MB
Sample

241231-lrp8lsxkan
MD5

c3e670b5f737cdb039065f85856a8b60
SHA1

3d8f2b12d3771f76b72f14aff1184df81226b26b
SHA256

45ee6693f429120d248d587d46d8326eeb62c2cb4523fd0474cafe7a833cf43d
SHA512

4ee19a3cf9ed97b24ec07e7a8f6706ea16cecac55565f8731d66250ad1f3aa6206c5ea462b4f6521f08e089f22698714019210db1a545e3e6458944ba867f247
SSDEEP

24576:3qzIIUgC8d36kLBXlnB8j7v5Ta+hLLQ20JmXSeWwa1oWJQjk0svTS/PPsbb1hwRV:3sCOfN6X5tLLQTg20ITS/PPs/1kS4ey

Score

10^/10

blackmoon njrat banker discovery trojan upx

Static task

static1

upx blackmoon njrat

5 signatures

Behavioral task

behavioral1

Sample

45ee6693f429120d248d587d46d8326eeb62c2cb4523fd0474cafe7a833cf43dN.exe

Resource

win7-20240903-en

blackmoon njrat banker discovery trojan upx

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

45ee6693f429120d248d587d46d8326eeb62c2cb4523fd0474cafe7a833cf43dN.exe

Resource

win10v2004-20241007-en

blackmoon njrat banker discovery trojan upx

windows10-2004-x64

10 signatures

120 seconds

Malware Config

Targets

- Target
  
  45ee6693f429120d248d587d46d8326eeb62c2cb4523fd0474cafe7a833cf43dN.exe
- Size
  
  2.3MB
- MD5
  
  c3e670b5f737cdb039065f85856a8b60
- SHA1
  
  3d8f2b12d3771f76b72f14aff1184df81226b26b
- SHA256
  
  45ee6693f429120d248d587d46d8326eeb62c2cb4523fd0474cafe7a833cf43d
- SHA512
  
  4ee19a3cf9ed97b24ec07e7a8f6706ea16cecac55565f8731d66250ad1f3aa6206c5ea462b4f6521f08e089f22698714019210db1a545e3e6458944ba867f247
- SSDEEP
  
  24576:3qzIIUgC8d36kLBXlnB8j7v5Ta+hLLQ20JmXSeWwa1oWJQjk0svTS/PPsbb1hwRV:3sCOfN6X5tLLQTg20ITS/PPs/1kS4ey
Score

10^/10

blackmoon njrat banker discovery trojan upx
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

upxblackmoonnjrat

behavioral1

blackmoonnjratbankerdiscoverytrojanupx

behavioral2

blackmoonnjratbankerdiscoverytrojanupx

© 2018-2025

Terms | Privacy