blackmoon | bc3b16825c47824b41591a1897ff2e7542cbdabde6c62d330405784f80930cdd | Triage

Sharing

General

Target

bc3b16825c47824b41591a1897ff2e7542cbdabde6c62d330405784f80930cdd
Size

3.0MB
Sample

250101-r2qj1sylh1
MD5

c119e6f3ec97fb8fd246e1784af0d826
SHA1

8678d2846df714dc89628b784fd25355628c350f
SHA256

bc3b16825c47824b41591a1897ff2e7542cbdabde6c62d330405784f80930cdd
SHA512

35ea350c84967f9548757c45ef3a4c22c352a506b9a047fb3c5e01c1ff773f59e0c6e632843cf6e4925acf38e39a9b6d9d987031d622dfb8f3e827fbac205625
SSDEEP

98304:AOL9eBmp46HDT2MtUmmJqvOwcdI/X48ETeO7:lRp46HDT2MtUmmJqvOwcdI/X48ETeO7

Score

10^/10

blackmoon privateloader banker discovery evasion execution loader persistence trojan

Malware Config

Targets

- Target
  
  bc3b16825c47824b41591a1897ff2e7542cbdabde6c62d330405784f80930cdd
- Size
  
  3.0MB
- MD5
  
  c119e6f3ec97fb8fd246e1784af0d826
- SHA1
  
  8678d2846df714dc89628b784fd25355628c350f
- SHA256
  
  bc3b16825c47824b41591a1897ff2e7542cbdabde6c62d330405784f80930cdd
- SHA512
  
  35ea350c84967f9548757c45ef3a4c22c352a506b9a047fb3c5e01c1ff773f59e0c6e632843cf6e4925acf38e39a9b6d9d987031d622dfb8f3e827fbac205625
- SSDEEP
  
  98304:AOL9eBmp46HDT2MtUmmJqvOwcdI/X48ETeO7:lRp46HDT2MtUmmJqvOwcdI/X48ETeO7
Score

10^/10

blackmoon privateloader banker discovery evasion execution loader persistence trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Privateloader family
  privateloader
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

blackmoonprivateloaderbankerdiscoveryevasionexecutionloaderpersistencetrojan

behavioral2

blackmoonprivateloaderbankerdiscoveryevasionexecutionloaderpersistencetrojan