blackmoon | 5e1c036e9b2f6801fca368d78557bc0257c0582befe8702f8c32e3b1a4a7b014 | Triage

Submit
Reports

Overview

overview

Static

static

5e1c036e9b...14.dll

windows7-x64

5e1c036e9b...14.dll

windows10-2004-x64

Sharing

General

Target

5e1c036e9b2f6801fca368d78557bc0257c0582befe8702f8c32e3b1a4a7b014
Size

2.1MB
Sample

221128-xkq24sch8w
MD5

e140631ab79224484ae4fda102b744d9
SHA1

fd9485beac3ec8e65eeccb7ba9a42824692b4162
SHA256

5e1c036e9b2f6801fca368d78557bc0257c0582befe8702f8c32e3b1a4a7b014
SHA512

b21d0fde7be4080e1925fd5c06c48301373451b201e209f517469312256d052dfe722e36db434b91685e10ea584ecdb65ccdb8f46ef5819e21bd089e6f52d6bd
SSDEEP

49152:+nTnSJ1QleMf1D5xtL4P9nueWMZm9G1BIvM35aw3u:SMQECr34P9njGGTt5J3

Score

10^/10

blackmoon banker bootkit persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

5e1c036e9b2f6801fca368d78557bc0257c0582befe8702f8c32e3b1a4a7b014.dll

Resource

win7-20221111-en

blackmoon banker bootkit persistence trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

5e1c036e9b2f6801fca368d78557bc0257c0582befe8702f8c32e3b1a4a7b014.dll

Resource

win10v2004-20220901-en

blackmoon banker bootkit persistence trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  5e1c036e9b2f6801fca368d78557bc0257c0582befe8702f8c32e3b1a4a7b014
- Size
  
  2.1MB
- MD5
  
  e140631ab79224484ae4fda102b744d9
- SHA1
  
  fd9485beac3ec8e65eeccb7ba9a42824692b4162
- SHA256
  
  5e1c036e9b2f6801fca368d78557bc0257c0582befe8702f8c32e3b1a4a7b014
- SHA512
  
  b21d0fde7be4080e1925fd5c06c48301373451b201e209f517469312256d052dfe722e36db434b91685e10ea584ecdb65ccdb8f46ef5819e21bd089e6f52d6bd
- SSDEEP
  
  49152:+nTnSJ1QleMf1D5xtL4P9nueWMZm9G1BIvM35aw3u:SMQECr34P9njGGTt5J3
Score

10^/10

blackmoon banker bootkit persistence trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Blocklisted process makes network request
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blackmoonbankerbootkitpersistencetrojan

behavioral2

blackmoonbankerbootkitpersistencetrojan

© 2018-2024

Terms | Privacy