blackmoon | b74fb1e2d98a6571996728e61309ea9ff7f74107798e9336190d8f08a1e43b91 | Triage

Sharing

General

Target

b74fb1e2d98a6571996728e61309ea9ff7f74107798e9336190d8f08a1e43b91
Size

2.0MB
Sample

240526-mkm1cafh63
MD5

91e79eb94adfd8eb06b9700fac3fe29e
SHA1

40050fd16b571a2c13db055a2cf083194952f094
SHA256

b74fb1e2d98a6571996728e61309ea9ff7f74107798e9336190d8f08a1e43b91
SHA512

96e3981ce30c3a8d36afd4714be91c267933cf0a28a4344f4916bb80c7cee26e6554a40299a6bdedd38d6a6f08543a4766280c71f4d4f549154974beeda1c6ae
SSDEEP

49152:iCdfr4mv+IzkEA3sG43+gtglo3b1kGbyS+xoI99FtA:iCdfr4mv+IzlZOgtDVMT7

Score

10^/10

blackmoon banker bootkit persistence trojan

Malware Config

Targets

- Target
  
  b74fb1e2d98a6571996728e61309ea9ff7f74107798e9336190d8f08a1e43b91
- Size
  
  2.0MB
- MD5
  
  91e79eb94adfd8eb06b9700fac3fe29e
- SHA1
  
  40050fd16b571a2c13db055a2cf083194952f094
- SHA256
  
  b74fb1e2d98a6571996728e61309ea9ff7f74107798e9336190d8f08a1e43b91
- SHA512
  
  96e3981ce30c3a8d36afd4714be91c267933cf0a28a4344f4916bb80c7cee26e6554a40299a6bdedd38d6a6f08543a4766280c71f4d4f549154974beeda1c6ae
- SSDEEP
  
  49152:iCdfr4mv+IzkEA3sG43+gtglo3b1kGbyS+xoI99FtA:iCdfr4mv+IzlZOgtDVMT7
Score

10^/10

blackmoon banker bootkit persistence trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Blocklisted process makes network request
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerbootkitpersistencetrojan

behavioral2

blackmoonbankerbootkitpersistencetrojan