blackmoon | 8759d9c287fe386ebde7279a0b6f9e5bd7c0dff2031585fbb79ae66052292435 | Triage

Sharing

General

Target

8759d9c287fe386ebde7279a0b6f9e5bd7c0dff2031585fbb79ae66052292435N.exe
Size

34KB
Sample

241226-n8sq6svnds
MD5

ab811a31a008784c046000890d0994e0
SHA1

3bf1515fee83dbc21ca834077e3848e04bda447e
SHA256

8759d9c287fe386ebde7279a0b6f9e5bd7c0dff2031585fbb79ae66052292435
SHA512

60dd50b424b17a8b253ac1831fb424fcfab61e8efc3e0b16d318ef6ebcf2e93ee3163daef530d0c5f6253f311cc1dde56eda4f767526b3eff1cda5445d8ebaab
SSDEEP

768:gxa4PfkczEClQF0QGqwq0E6Na8WFaDrTCMNR8Gx8IPE7BNKSzHctMli:RQftW0QGq/aabWrTsGx3P6Cbtr

Score

10^/10

blackmoon banker discovery persistence trojan

Malware Config

Targets

- Target
  
  8759d9c287fe386ebde7279a0b6f9e5bd7c0dff2031585fbb79ae66052292435N.exe
- Size
  
  34KB
- MD5
  
  ab811a31a008784c046000890d0994e0
- SHA1
  
  3bf1515fee83dbc21ca834077e3848e04bda447e
- SHA256
  
  8759d9c287fe386ebde7279a0b6f9e5bd7c0dff2031585fbb79ae66052292435
- SHA512
  
  60dd50b424b17a8b253ac1831fb424fcfab61e8efc3e0b16d318ef6ebcf2e93ee3163daef530d0c5f6253f311cc1dde56eda4f767526b3eff1cda5445d8ebaab
- SSDEEP
  
  768:gxa4PfkczEClQF0QGqwq0E6Na8WFaDrTCMNR8Gx8IPE7BNKSzHctMli:RQftW0QGq/aabWrTsGx3P6Cbtr
Score

10^/10

blackmoon banker discovery persistence trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Deletes itself
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverypersistencetrojan

behavioral2

blackmoonbankerdiscoverypersistencetrojan