blackmoon | adfcffc7faf99bfb32d9de46b8c137759fbcc39885631bb6a218746cab0cd136 | Triage

Submit
Reports

Overview

overview

Static

static

2025-04-22...er.exe

windows10-2004-x64

2025-04-22...er.exe

windows11-21h2-x64

Sharing

General

Target

2025-04-22_457f582efe68576b39e1e54c319c923f_amadey_cloudeye_elex_hacktools_mimikatz_rhadamanthys_smoke-loader
Size

12.7MB
Sample

250422-bm3b9stl12
MD5

457f582efe68576b39e1e54c319c923f
SHA1

75878071f6fd7ce0dac3b90529c15699941528f9
SHA256

adfcffc7faf99bfb32d9de46b8c137759fbcc39885631bb6a218746cab0cd136
SHA512

28deb16b0bcf3fef45d051c0c72dfc106c243002cd31b4fcaf79696133325821d101bc53b13900208883ed2e7f9c1437cc528a321b064d0d0a52bd2d65387176
SSDEEP

196608:o3XTYQmknGzwHaOtVPHd9swFBubKLtchEYX2AxFpx4g1JoHZiDzDhpyT4t23:4ujzwV3BubKyeapug7ciDzDhpyTv3

Score

10^/10

blackmoon mimikatz banker discovery trojan

Static task

static1

blackmoon mimikatz

6 signatures

Behavioral task

behavioral1

Sample

2025-04-22_457f582efe68576b39e1e54c319c923f_amadey_cloudeye_elex_hacktools_mimikatz_rhadamanthys_smoke-loader.exe

Resource

win10v2004-20250313-en

blackmoon mimikatz banker discovery trojan

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-04-22_457f582efe68576b39e1e54c319c923f_amadey_cloudeye_elex_hacktools_mimikatz_rhadamanthys_smoke-loader.exe

Resource

win11-20250410-en

blackmoon mimikatz banker discovery trojan

windows11-21h2-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-04-22_457f582efe68576b39e1e54c319c923f_amadey_cloudeye_elex_hacktools_mimikatz_rhadamanthys_smoke-loader
- Size
  
  12.7MB
- MD5
  
  457f582efe68576b39e1e54c319c923f
- SHA1
  
  75878071f6fd7ce0dac3b90529c15699941528f9
- SHA256
  
  adfcffc7faf99bfb32d9de46b8c137759fbcc39885631bb6a218746cab0cd136
- SHA512
  
  28deb16b0bcf3fef45d051c0c72dfc106c243002cd31b4fcaf79696133325821d101bc53b13900208883ed2e7f9c1437cc528a321b064d0d0a52bd2d65387176
- SSDEEP
  
  196608:o3XTYQmknGzwHaOtVPHd9swFBubKLtchEYX2AxFpx4g1JoHZiDzDhpyT4t23:4ujzwV3BubKyeapug7ciDzDhpyTv3
Score

10^/10

blackmoon mimikatz banker discovery trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

blackmoonmimikatz

behavioral1

blackmoonmimikatzbankerdiscoverytrojan

behavioral2

blackmoonmimikatzbankerdiscoverytrojan

© 2018-2025

Terms | Privacy