blackmoon | 776ade29cb1614b5e33067bf5e088c56670408ef4df2f1c962b1d2982df2cc4a | Triage

Submit
Reports

Overview

overview

Static

static

776ade29cb...4a.dll

windows7-x64

776ade29cb...4a.dll

windows10-2004-x64

Sharing

General

Target

776ade29cb1614b5e33067bf5e088c56670408ef4df2f1c962b1d2982df2cc4a
Size

2.4MB
Sample

221128-yrq65agg9s
MD5

fbc8d03c47a4f787d505edc8e9864ff2
SHA1

9a5fb35e51e08bccb74ef5fa2f7ea143d0ba14f3
SHA256

776ade29cb1614b5e33067bf5e088c56670408ef4df2f1c962b1d2982df2cc4a
SHA512

03a96e7b4797457fe8eaef660394bb4d0539dab9e26422388b42ea968d78e97faa1a9dee6b620d08049afbc2d058360cbc194fcbc839acb1b5376db693b1ae55
SSDEEP

49152:rSV95vDl8uSGoXemnBFFjzoNd82IOi47n2X0aYISwfwHT:r5Szs1Rd0aYISwfwz

Score

10^/10

blackmoon banker bootkit persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

776ade29cb1614b5e33067bf5e088c56670408ef4df2f1c962b1d2982df2cc4a.dll

Resource

win7-20220901-en

blackmoon banker bootkit persistence trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

776ade29cb1614b5e33067bf5e088c56670408ef4df2f1c962b1d2982df2cc4a.dll

Resource

win10v2004-20220901-en

blackmoon banker bootkit persistence trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  776ade29cb1614b5e33067bf5e088c56670408ef4df2f1c962b1d2982df2cc4a
- Size
  
  2.4MB
- MD5
  
  fbc8d03c47a4f787d505edc8e9864ff2
- SHA1
  
  9a5fb35e51e08bccb74ef5fa2f7ea143d0ba14f3
- SHA256
  
  776ade29cb1614b5e33067bf5e088c56670408ef4df2f1c962b1d2982df2cc4a
- SHA512
  
  03a96e7b4797457fe8eaef660394bb4d0539dab9e26422388b42ea968d78e97faa1a9dee6b620d08049afbc2d058360cbc194fcbc839acb1b5376db693b1ae55
- SSDEEP
  
  49152:rSV95vDl8uSGoXemnBFFjzoNd82IOi47n2X0aYISwfwHT:r5Szs1Rd0aYISwfwz
Score

10^/10

blackmoon banker bootkit persistence trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Blocklisted process makes network request
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blackmoonbankerbootkitpersistencetrojan

behavioral2

blackmoonbankerbootkitpersistencetrojan

© 2018-2024

Terms | Privacy