blackmoon | ab48643a0b614c89f0c8486b58980577657be7479de0ffafeb10f45ead1c1027 | Triage

Submit
Reports

Overview

overview

Static

static

2025-04-03...er.exe

windows10-2004-x64

Sharing

General

Target

2025-04-03_2784c804b909d689fb2723e292357ca5_amadey_cloudeye_hacktools_mimikatz_rhadamanthys_smoke-loader
Size

12.3MB
Sample

250403-dm8v6a1jy2
MD5

2784c804b909d689fb2723e292357ca5
SHA1

4fcace4a9b260ada92690fbc2a64a94a4161f767
SHA256

ab48643a0b614c89f0c8486b58980577657be7479de0ffafeb10f45ead1c1027
SHA512

08dc330f9698e1f8d42ccd1632636cebd7f25e71858e6dfce688bb497809a5db7110c63cbd68f8ba6043a8f9a07c6459effec31682192fe716beebe94aa7110c
SSDEEP

196608:o3XTYQmknGzwHaOtVPHd9swFBubKLtchEYX2AxFpx4g1JoHZiDzDhpyT4t2:4ujzwV3BubKyeapug7ciDzDhpyTv

Score

10^/10

blackmoon mimikatz banker discovery trojan

Static task

static1

blackmoon mimikatz

6 signatures

Behavioral task

behavioral1

Sample

2025-04-03_2784c804b909d689fb2723e292357ca5_amadey_cloudeye_hacktools_mimikatz_rhadamanthys_smoke-loader.exe

Resource

win10v2004-20250314-en

blackmoon mimikatz banker discovery trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-04-03_2784c804b909d689fb2723e292357ca5_amadey_cloudeye_hacktools_mimikatz_rhadamanthys_smoke-loader
- Size
  
  12.3MB
- MD5
  
  2784c804b909d689fb2723e292357ca5
- SHA1
  
  4fcace4a9b260ada92690fbc2a64a94a4161f767
- SHA256
  
  ab48643a0b614c89f0c8486b58980577657be7479de0ffafeb10f45ead1c1027
- SHA512
  
  08dc330f9698e1f8d42ccd1632636cebd7f25e71858e6dfce688bb497809a5db7110c63cbd68f8ba6043a8f9a07c6459effec31682192fe716beebe94aa7110c
- SSDEEP
  
  196608:o3XTYQmknGzwHaOtVPHd9swFBubKLtchEYX2AxFpx4g1JoHZiDzDhpyT4t2:4ujzwV3BubKyeapug7ciDzDhpyTv
Score

10^/10

blackmoon mimikatz banker discovery trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

blackmoonmimikatz

behavioral1

blackmoonmimikatzbankerdiscoverytrojan

© 2018-2025

Terms | Privacy