blackmoon | 68b25dc0f5856d9e594db482e2a93225b8af0ec5d31a043288b39f42a587f604 | Triage

Submit
Reports

Overview

overview

Static

static

7

68b25dc0f5...04.exe

windows7-x64

68b25dc0f5...04.exe

windows10-2004-x64

Sharing

General

Target

68b25dc0f5856d9e594db482e2a93225b8af0ec5d31a043288b39f42a587f604
Size

12.0MB
Sample

250221-sej96atna1
MD5

db9e4dae0de899bf7da9211e289644be
SHA1

1e6191af5520b91c996552400dfefd7e42457ed8
SHA256

68b25dc0f5856d9e594db482e2a93225b8af0ec5d31a043288b39f42a587f604
SHA512

0b282deb3b7d22874d85f07daba4e06256f963811d07f462a423fae6f81d541007ace1b5f91a1b3bae4d07ed04825e80e6dc9fa346a9f3cade3aca902f122614
SSDEEP

393216:rttNRj6AbXQ5GZWGGm1cvf/J06ecJIW3wj:rmKAuWbvfC1cJd

Score

10^/10

blackmoon banker discovery trojan vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

68b25dc0f5856d9e594db482e2a93225b8af0ec5d31a043288b39f42a587f604.exe

Resource

win7-20240903-en

blackmoon banker discovery trojan vmprotect

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

68b25dc0f5856d9e594db482e2a93225b8af0ec5d31a043288b39f42a587f604.exe

Resource

win10v2004-20250217-en

blackmoon banker discovery trojan vmprotect

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  68b25dc0f5856d9e594db482e2a93225b8af0ec5d31a043288b39f42a587f604
- Size
  
  12.0MB
- MD5
  
  db9e4dae0de899bf7da9211e289644be
- SHA1
  
  1e6191af5520b91c996552400dfefd7e42457ed8
- SHA256
  
  68b25dc0f5856d9e594db482e2a93225b8af0ec5d31a043288b39f42a587f604
- SHA512
  
  0b282deb3b7d22874d85f07daba4e06256f963811d07f462a423fae6f81d541007ace1b5f91a1b3bae4d07ed04825e80e6dc9fa346a9f3cade3aca902f122614
- SSDEEP
  
  393216:rttNRj6AbXQ5GZWGGm1cvf/J06ecJIW3wj:rmKAuWbvfC1cJd
Score

10^/10

blackmoon banker discovery trojan vmprotect
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanvmprotect

behavioral2

blackmoonbankerdiscoverytrojanvmprotect

© 2018-2025

Terms | Privacy