blackmoon | 466773d0fb1a6c845c31e33aeb966b02158b3cf1a72e0008b86bd32aa0865a4e | Triage

Sharing

General

Target

466773d0fb1a6c845c31e33aeb966b02158b3cf1a72e0008b86bd32aa0865a4e
Size

837KB
Sample

240508-lxh2gshc26
MD5

174d63283e626248f6183ef68f2e81ef
SHA1

2bd5943c51622c9e131f513f5ffdbd1732e08c34
SHA256

466773d0fb1a6c845c31e33aeb966b02158b3cf1a72e0008b86bd32aa0865a4e
SHA512

41be03fe8ab12f50a0d04c2b2da6c68600e5113f30e4e4569b9cb957f81b469385deeb8f27600ab3fa4156a9634b6ed13e0c71b1f0129dd3c4639e6966fa04de
SSDEEP

24576:vdJtCf7SebJ4U0PDKL4PXQMoNwqe1hQCc5AgfukxAmD9/7s0/ZXl9WvHxp:vdyJCyuIVun

Score

10^/10

blackmoon banker persistence trojan

Malware Config

Targets

- Target
  
  466773d0fb1a6c845c31e33aeb966b02158b3cf1a72e0008b86bd32aa0865a4e
- Size
  
  837KB
- MD5
  
  174d63283e626248f6183ef68f2e81ef
- SHA1
  
  2bd5943c51622c9e131f513f5ffdbd1732e08c34
- SHA256
  
  466773d0fb1a6c845c31e33aeb966b02158b3cf1a72e0008b86bd32aa0865a4e
- SHA512
  
  41be03fe8ab12f50a0d04c2b2da6c68600e5113f30e4e4569b9cb957f81b469385deeb8f27600ab3fa4156a9634b6ed13e0c71b1f0129dd3c4639e6966fa04de
- SSDEEP
  
  24576:vdJtCf7SebJ4U0PDKL4PXQMoNwqe1hQCc5AgfukxAmD9/7s0/ZXl9WvHxp:vdyJCyuIVun
Score

10^/10

blackmoon banker persistence trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Sets file execution options in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerpersistencetrojan

behavioral2

blackmoonbankerpersistencetrojan