blackmoon | 486cb5ab5ca6a6f507128a8ddd25526cd295d1a7cb24d3a66f9d09f497f58f93 | Triage

Sharing

General

Target

486cb5ab5ca6a6f507128a8ddd25526cd295d1a7cb24d3a66f9d09f497f58f93
Size

2.8MB
Sample

250101-s6nfwstldj
MD5

85cae604e479331c6fc1ad6f91f8baab
SHA1

fca25f2e74001c4c632efbcf7cd9816530b53fa1
SHA256

486cb5ab5ca6a6f507128a8ddd25526cd295d1a7cb24d3a66f9d09f497f58f93
SHA512

32bd4ca5a23ba455257d94d5164516d879e55e495e0a54341a4b44147b02869e482b6e83ab5f5e85798a85e741eaac21818cb42517a2f092c36683618f9c1a9a
SSDEEP

24576:4l18GADX15DihL9GVRqIERogW68ngSTeTm8HZfj4cCao6A6u2EmAOuydnTX2tuiD:4O7SL9eq67ydBC/S2mpTnf1cF

Score

10^/10

blackmoon privateloader banker discovery evasion execution loader persistence trojan

Malware Config

Targets

- Target
  
  486cb5ab5ca6a6f507128a8ddd25526cd295d1a7cb24d3a66f9d09f497f58f93
- Size
  
  2.8MB
- MD5
  
  85cae604e479331c6fc1ad6f91f8baab
- SHA1
  
  fca25f2e74001c4c632efbcf7cd9816530b53fa1
- SHA256
  
  486cb5ab5ca6a6f507128a8ddd25526cd295d1a7cb24d3a66f9d09f497f58f93
- SHA512
  
  32bd4ca5a23ba455257d94d5164516d879e55e495e0a54341a4b44147b02869e482b6e83ab5f5e85798a85e741eaac21818cb42517a2f092c36683618f9c1a9a
- SSDEEP
  
  24576:4l18GADX15DihL9GVRqIERogW68ngSTeTm8HZfj4cCao6A6u2EmAOuydnTX2tuiD:4O7SL9eq67ydBC/S2mpTnf1cF
Score

10^/10

blackmoon privateloader banker discovery evasion execution loader persistence trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Privateloader family
  privateloader
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

blackmoonprivateloaderbankerdiscoveryevasionexecutionloaderpersistencetrojan

behavioral2

blackmoonprivateloaderbankerdiscoveryevasionexecutionloaderpersistencetrojan