blackmoon | c5456a45cf87ada0ffc530c869e5c425e5854ef8e2e5eecf365acb72953c70d4 | Triage

Submit
Reports

Overview

overview

Static

static

3

c5456a45cf...4N.exe

windows7-x64

c5456a45cf...4N.exe

windows10-2004-x64

Sharing

General

Target

c5456a45cf87ada0ffc530c869e5c425e5854ef8e2e5eecf365acb72953c70d4N.exe
Size

61KB
Sample

250120-k14xpasjeq
MD5

84a0d2aa6daa8e13784130804b9b0e80
SHA1

50fc13c6250ebdfe5a089be058a9a9b7f02a0f1f
SHA256

c5456a45cf87ada0ffc530c869e5c425e5854ef8e2e5eecf365acb72953c70d4
SHA512

0ccf8b0fc7aeb5d8548eb9cf45e8aac8a122aefd62c7326baa9a084455aeef19b99176283a2fc268b7105b37bd9b3edd8642cf4cc8130dad29c24c27690b2d53
SSDEEP

1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuSwFaEubr9F:ymb3NkkiQ3mdBjFIvIFaEeF

Score

10^/10

blackmoon banker discovery trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c5456a45cf87ada0ffc530c869e5c425e5854ef8e2e5eecf365acb72953c70d4N.exe

Resource

win7-20240903-en

blackmoon banker discovery trojan upx

windows7-x64

7 signatures

120 seconds

Behavioral task

behavioral2

Sample

c5456a45cf87ada0ffc530c869e5c425e5854ef8e2e5eecf365acb72953c70d4N.exe

Resource

win10v2004-20241007-en

blackmoon banker discovery trojan upx

windows10-2004-x64

7 signatures

120 seconds

Malware Config

Targets

- Target
  
  c5456a45cf87ada0ffc530c869e5c425e5854ef8e2e5eecf365acb72953c70d4N.exe
- Size
  
  61KB
- MD5
  
  84a0d2aa6daa8e13784130804b9b0e80
- SHA1
  
  50fc13c6250ebdfe5a089be058a9a9b7f02a0f1f
- SHA256
  
  c5456a45cf87ada0ffc530c869e5c425e5854ef8e2e5eecf365acb72953c70d4
- SHA512
  
  0ccf8b0fc7aeb5d8548eb9cf45e8aac8a122aefd62c7326baa9a084455aeef19b99176283a2fc268b7105b37bd9b3edd8642cf4cc8130dad29c24c27690b2d53
- SSDEEP
  
  1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuSwFaEubr9F:ymb3NkkiQ3mdBjFIvIFaEeF
Score

10^/10

blackmoon banker discovery trojan upx
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanupx

behavioral2

blackmoonbankerdiscoverytrojanupx

© 2018-2025

Terms | Privacy