blackmoon | 2f3a3e776bcdeb21ef0e530be052231ffb2c0cc541c7083c646a4c24b9befe5a | Triage

Submit
Reports

Overview

overview

Static

static

2f3a3e776b...5a.exe

windows7-x64

2f3a3e776b...5a.exe

windows10-2004-x64

Sharing

General

Target

2f3a3e776bcdeb21ef0e530be052231ffb2c0cc541c7083c646a4c24b9befe5a
Size

4.3MB
Sample

230507-a29t8ade59
MD5

ea3e9d19106196e24b10b15d2ae9210d
SHA1

0194afbf5ccd49db5e168815b31b19871b8fdb7f
SHA256

2f3a3e776bcdeb21ef0e530be052231ffb2c0cc541c7083c646a4c24b9befe5a
SHA512

8472297798911213ef8eec4a943898978463756e89a3295f3a4ad12d6a26669cfb9c0c18bfc176d549f99e7b3b0e15a6b06803cbf2040c9aa79d5691f00b55a5
SSDEEP

98304:XqlBDmLNAlORoPZ6YCSEvDAKOHG2eSgw41WSqBgZT4kxL4tbezpJ:XqvtkiR6YCSEvKm4IqiZ3YeNJ

Score

10^/10

blackmoon banker bootkit persistence trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2f3a3e776bcdeb21ef0e530be052231ffb2c0cc541c7083c646a4c24b9befe5a.exe

Resource

win7-20230220-en

blackmoon banker bootkit persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2f3a3e776bcdeb21ef0e530be052231ffb2c0cc541c7083c646a4c24b9befe5a.exe

Resource

win10v2004-20230220-en

blackmoon banker bootkit persistence trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  2f3a3e776bcdeb21ef0e530be052231ffb2c0cc541c7083c646a4c24b9befe5a
- Size
  
  4.3MB
- MD5
  
  ea3e9d19106196e24b10b15d2ae9210d
- SHA1
  
  0194afbf5ccd49db5e168815b31b19871b8fdb7f
- SHA256
  
  2f3a3e776bcdeb21ef0e530be052231ffb2c0cc541c7083c646a4c24b9befe5a
- SHA512
  
  8472297798911213ef8eec4a943898978463756e89a3295f3a4ad12d6a26669cfb9c0c18bfc176d549f99e7b3b0e15a6b06803cbf2040c9aa79d5691f00b55a5
- SSDEEP
  
  98304:XqlBDmLNAlORoPZ6YCSEvDAKOHG2eSgw41WSqBgZT4kxL4tbezpJ:XqvtkiR6YCSEvKm4IqiZ3YeNJ
Score

10^/10

blackmoon banker bootkit persistence trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blackmoonbankerbootkitpersistencetrojan

behavioral2

blackmoonbankerbootkitpersistencetrojan

© 2018-2024

Terms | Privacy