blackmoon | 0fc8958dd8c58b25e5d51270c5fc3c6cad8e6d802218c00888caccf2b70bd1c4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

0fc8958dd8...c4.exe

windows7-x64

0fc8958dd8...c4.exe

windows10-2004-x64

Sharing

General

Target

0fc8958dd8c58b25e5d51270c5fc3c6cad8e6d802218c00888caccf2b70bd1c4.exe
Size

454KB
Sample

250204-zl7gla1qey
MD5

f6bd14465e441e6f28002696bfe138ae
SHA1

b3ccf39798e6db7a6a78dbfa73b3578f46701250
SHA256

0fc8958dd8c58b25e5d51270c5fc3c6cad8e6d802218c00888caccf2b70bd1c4
SHA512

45042470260f7dbfd89177bf382bff83c6e5184562e626c32e90a803ed54b8d5e020d81f883f97fc97701196918db11469e82e5a6339a96cb672e51764b89c64
SSDEEP

6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAben:q7Tc2NYHUrAwfMp3CDn

Score

10^/10

blackmoon banker discovery trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0fc8958dd8c58b25e5d51270c5fc3c6cad8e6d802218c00888caccf2b70bd1c4.exe

Resource

win7-20240903-en

blackmoon banker discovery trojan upx

windows7-x64

7 signatures

120 seconds

Behavioral task

behavioral2

Sample

0fc8958dd8c58b25e5d51270c5fc3c6cad8e6d802218c00888caccf2b70bd1c4.exe

Resource

win10v2004-20250129-en

blackmoon banker discovery trojan upx

windows10-2004-x64

7 signatures

120 seconds

Malware Config

Targets

- Target
  
  0fc8958dd8c58b25e5d51270c5fc3c6cad8e6d802218c00888caccf2b70bd1c4.exe
- Size
  
  454KB
- MD5
  
  f6bd14465e441e6f28002696bfe138ae
- SHA1
  
  b3ccf39798e6db7a6a78dbfa73b3578f46701250
- SHA256
  
  0fc8958dd8c58b25e5d51270c5fc3c6cad8e6d802218c00888caccf2b70bd1c4
- SHA512
  
  45042470260f7dbfd89177bf382bff83c6e5184562e626c32e90a803ed54b8d5e020d81f883f97fc97701196918db11469e82e5a6339a96cb672e51764b89c64
- SSDEEP
  
  6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAben:q7Tc2NYHUrAwfMp3CDn
Score

10^/10

blackmoon banker discovery trojan upx
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanupx

behavioral2

blackmoonbankerdiscoverytrojanupx

© 2018-2025

Terms | Privacy