blackmoon | 98d9995c54c9f1cfee69eb4ba458ae7b0d79a4a15a3c0b550bb0002c2b93ee3b | Triage

Sharing

General

Target

98d9995c54c9f1cfee69eb4ba458ae7b0d79a4a15a3c0b550bb0002c2b93ee3b
Size

3.5MB
Sample

250102-l9w4waznbp
MD5

682a8ef5daa6cab597f408a15871ea86
SHA1

ac831653348eb24abafc3fe51c55727d7f67e932
SHA256

98d9995c54c9f1cfee69eb4ba458ae7b0d79a4a15a3c0b550bb0002c2b93ee3b
SHA512

0e304954b6b299278a68b921d157dea6bd07450164d585ed4b95bd94fb7e80a449f96b6f4be38ee2001f1914c8b5f972ce6601aafa975b85337a7fe3346a313a
SSDEEP

49152:wO7SL9eq67ydBC/S2mpTn9VLcwuog/TXJwOG2/:hOL9eBmpg/

Score

10^/10

blackmoon privateloader banker discovery evasion execution loader persistence trojan

Malware Config

Targets

- Target
  
  98d9995c54c9f1cfee69eb4ba458ae7b0d79a4a15a3c0b550bb0002c2b93ee3b
- Size
  
  3.5MB
- MD5
  
  682a8ef5daa6cab597f408a15871ea86
- SHA1
  
  ac831653348eb24abafc3fe51c55727d7f67e932
- SHA256
  
  98d9995c54c9f1cfee69eb4ba458ae7b0d79a4a15a3c0b550bb0002c2b93ee3b
- SHA512
  
  0e304954b6b299278a68b921d157dea6bd07450164d585ed4b95bd94fb7e80a449f96b6f4be38ee2001f1914c8b5f972ce6601aafa975b85337a7fe3346a313a
- SSDEEP
  
  49152:wO7SL9eq67ydBC/S2mpTn9VLcwuog/TXJwOG2/:hOL9eBmpg/
Score

10^/10

blackmoon privateloader banker discovery evasion execution loader persistence trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Privateloader family
  privateloader
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

blackmoonprivateloaderbankerdiscoveryevasionexecutionloaderpersistencetrojan

behavioral2

blackmoonprivateloaderbankerdiscoveryevasionexecutionloaderpersistencetrojan