blackmoon | c05c8def4ad712a0276fa29c63838918da9835a3d4bc40ca74518952de2cb2c0 | Triage

Sharing

General

Target

c05c8def4ad712a0276fa29c63838918da9835a3d4bc40ca74518952de2cb2c0
Size

2.8MB
Sample

250101-s6xdss1jft
MD5

67afb6566c8a12cab910eb43d8376da1
SHA1

4086875b2fc01e0684b4fb103bbd0692cdaadeba
SHA256

c05c8def4ad712a0276fa29c63838918da9835a3d4bc40ca74518952de2cb2c0
SHA512

d027b2ef874d62a95da5f3bec2699d7ad7eeac8ffe1d76b4d7cf6c2d1943f8189a9aa175b2974fb9ac520d0215b9e26ee9b1782a8ccb38e26ce1b27c7bfd952d
SSDEEP

24576:4l18GADX15DihL9GVRqIERogW68ngSTeTm8HZfj4cCao6A6u2EmAOuydnTX2tuih:4O7SL9eq67ydBC/S2mpTn91cF

Score

10^/10

blackmoon privateloader banker discovery evasion execution loader persistence trojan

Malware Config

Targets

- Target
  
  c05c8def4ad712a0276fa29c63838918da9835a3d4bc40ca74518952de2cb2c0
- Size
  
  2.8MB
- MD5
  
  67afb6566c8a12cab910eb43d8376da1
- SHA1
  
  4086875b2fc01e0684b4fb103bbd0692cdaadeba
- SHA256
  
  c05c8def4ad712a0276fa29c63838918da9835a3d4bc40ca74518952de2cb2c0
- SHA512
  
  d027b2ef874d62a95da5f3bec2699d7ad7eeac8ffe1d76b4d7cf6c2d1943f8189a9aa175b2974fb9ac520d0215b9e26ee9b1782a8ccb38e26ce1b27c7bfd952d
- SSDEEP
  
  24576:4l18GADX15DihL9GVRqIERogW68ngSTeTm8HZfj4cCao6A6u2EmAOuydnTX2tuih:4O7SL9eq67ydBC/S2mpTn91cF
Score

10^/10

blackmoon privateloader banker discovery evasion execution loader persistence trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Privateloader family
  privateloader
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

blackmoonprivateloaderbankerdiscoveryevasionexecutionloaderpersistencetrojan

behavioral2

blackmoonprivateloaderbankerdiscoveryevasionexecutionloaderpersistencetrojan