blackmoon | 2d9488da06df69fd6cfefce5d89d9323bbf8d67d72a9bfbb2feeb14bdc42fcfa | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

2025-03-21...ys.exe

windows7-x64

2025-03-21...ys.exe

windows10-2004-x64

Sharing

General

Target

2025-03-21_47cda462f1ca23b0b56cbc900b35a831_hacktools_icedid_remcos_rhadamanthys
Size

4.7MB
Sample

250321-jz9k4syq12
MD5

47cda462f1ca23b0b56cbc900b35a831
SHA1

fc6d59bc48277e98f8d55504740b12c72bfd1eb2
SHA256

2d9488da06df69fd6cfefce5d89d9323bbf8d67d72a9bfbb2feeb14bdc42fcfa
SHA512

23703b74753ad56d4f529a3fee11d592d7d428a35c25ebdea46e97cedff037f567177326851e119b31857d98a84869f721407241e0585573eaaccdf900fdbae9
SSDEEP

98304:DwN9V/TKWfxlcswUr+cIJA0QTJfT+E5/u4:C9V/TZlv/+cP0QTtyL4

Score

10^/10

blackmoon banker discovery trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2025-03-21_47cda462f1ca23b0b56cbc900b35a831_hacktools_icedid_remcos_rhadamanthys.exe

Resource

win7-20240903-en

blackmoon banker discovery trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-03-21_47cda462f1ca23b0b56cbc900b35a831_hacktools_icedid_remcos_rhadamanthys.exe

Resource

win10v2004-20250314-en

blackmoon banker discovery trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-03-21_47cda462f1ca23b0b56cbc900b35a831_hacktools_icedid_remcos_rhadamanthys
- Size
  
  4.7MB
- MD5
  
  47cda462f1ca23b0b56cbc900b35a831
- SHA1
  
  fc6d59bc48277e98f8d55504740b12c72bfd1eb2
- SHA256
  
  2d9488da06df69fd6cfefce5d89d9323bbf8d67d72a9bfbb2feeb14bdc42fcfa
- SHA512
  
  23703b74753ad56d4f529a3fee11d592d7d428a35c25ebdea46e97cedff037f567177326851e119b31857d98a84869f721407241e0585573eaaccdf900fdbae9
- SSDEEP
  
  98304:DwN9V/TKWfxlcswUr+cIJA0QTJfT+E5/u4:C9V/TZlv/+cP0QTtyL4
Score

10^/10

blackmoon banker discovery trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojan

behavioral2

blackmoonbankerdiscoverytrojan

© 2018-2025

Terms | Privacy