blackmoon | 8831a1c5d2416aaf377d917c550b6dc9e0f6638969e49fc8ee697cfeddf54f55 | Triage

Sharing

General

Target

8831a1c5d2416aaf377d917c550b6dc9e0f6638969e49fc8ee697cfeddf54f55
Size

2.8MB
Sample

241022-xs5v8szcrh
MD5

738a95eb2bb19c4b04dce42b06edb03c
SHA1

115bce785ff9e7bb5f6cf857b7e66d56c3cb6f19
SHA256

8831a1c5d2416aaf377d917c550b6dc9e0f6638969e49fc8ee697cfeddf54f55
SHA512

27c705b78ee98030d66db6492d82615f0a2c023b6f25af99f9979825a28f64f9403ba0b97a3a1313fdb2c287992750ae40521c2d0cbe4b00b92412069341bab7
SSDEEP

24576:wl18GADX15DihL9GVRqIERogW68ngSTeTm8HZfj4cCao6A6u2EmAOuydnTX2tuiU:wO7SL9eq67ydBC/S2mpTn8

Score

10^/10

blackmoon privateloader banker discovery evasion execution loader persistence trojan

Malware Config

Targets

- Target
  
  8831a1c5d2416aaf377d917c550b6dc9e0f6638969e49fc8ee697cfeddf54f55
- Size
  
  2.8MB
- MD5
  
  738a95eb2bb19c4b04dce42b06edb03c
- SHA1
  
  115bce785ff9e7bb5f6cf857b7e66d56c3cb6f19
- SHA256
  
  8831a1c5d2416aaf377d917c550b6dc9e0f6638969e49fc8ee697cfeddf54f55
- SHA512
  
  27c705b78ee98030d66db6492d82615f0a2c023b6f25af99f9979825a28f64f9403ba0b97a3a1313fdb2c287992750ae40521c2d0cbe4b00b92412069341bab7
- SSDEEP
  
  24576:wl18GADX15DihL9GVRqIERogW68ngSTeTm8HZfj4cCao6A6u2EmAOuydnTX2tuiU:wO7SL9eq67ydBC/S2mpTn8
Score

10^/10

blackmoon privateloader banker discovery evasion execution loader persistence trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

blackmoonprivateloaderbankerdiscoveryevasionexecutionloaderpersistencetrojan

behavioral2

blackmoonprivateloaderbankerdiscoveryevasionexecutionloaderpersistencetrojan