blackmoon | b97c6f5eb0dffd17832083d913eebb6a01526a7c7885961262b64c271e40bdf5 | Triage

Sharing

General

Target

b97c6f5eb0dffd17832083d913eebb6a01526a7c7885961262b64c271e40bdf5
Size

2.8MB
Sample

250104-c2jzxawrg1
MD5

21f0f3b31785b8c29ae831758f056048
SHA1

4839b5e6c2e81c16de25d7f1557b2d14fb4e5f10
SHA256

b97c6f5eb0dffd17832083d913eebb6a01526a7c7885961262b64c271e40bdf5
SHA512

7fa38af42b639b537c8cc18ffaeeac688791a60a6de2e5d5955a0c3b9773d515b404f2c004d0fc4ed7afcc903dc7dc8107c93534e86e6c3adedf79be86ada14e
SSDEEP

24576:4l18GADX15DihL9GVRqIERogW68ngSTeTm8HZfj4cCao6A6u2EmAOuydnTX2tuiJ:4O7SL9eq67ydBC/S2mpTnd1cF

Score

10^/10

blackmoon privateloader banker discovery evasion execution loader persistence trojan

Malware Config

Targets

- Target
  
  b97c6f5eb0dffd17832083d913eebb6a01526a7c7885961262b64c271e40bdf5
- Size
  
  2.8MB
- MD5
  
  21f0f3b31785b8c29ae831758f056048
- SHA1
  
  4839b5e6c2e81c16de25d7f1557b2d14fb4e5f10
- SHA256
  
  b97c6f5eb0dffd17832083d913eebb6a01526a7c7885961262b64c271e40bdf5
- SHA512
  
  7fa38af42b639b537c8cc18ffaeeac688791a60a6de2e5d5955a0c3b9773d515b404f2c004d0fc4ed7afcc903dc7dc8107c93534e86e6c3adedf79be86ada14e
- SSDEEP
  
  24576:4l18GADX15DihL9GVRqIERogW68ngSTeTm8HZfj4cCao6A6u2EmAOuydnTX2tuiJ:4O7SL9eq67ydBC/S2mpTnd1cF
Score

10^/10

blackmoon privateloader banker discovery evasion execution loader persistence trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Privateloader family
  privateloader
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

blackmoonprivateloaderbankerdiscoveryevasionexecutionloaderpersistencetrojan

behavioral2

blackmoonprivateloaderbankerdiscoveryevasionexecutionloaderpersistencetrojan