blackmoon | 5d1210e60be433829fc5ae3e04bf5a7c37b6a8de6559a65221e3937c9e76b11a | Triage

Sharing

General

Target

5d1210e60be433829fc5ae3e04bf5a7c37b6a8de6559a65221e3937c9e76b11a
Size

2.8MB
Sample

250104-c38pnayrdj
MD5

a878432e3c19e327650f5633ed4b66ae
SHA1

5412c6ae424bb9cf01560ce74b2be68bf3ac6bda
SHA256

5d1210e60be433829fc5ae3e04bf5a7c37b6a8de6559a65221e3937c9e76b11a
SHA512

4cd2a45857c1f3e0e008cc327a99f9117bc9f77c999fe2bf1e5b34e63392be518905f9cde80cdbd51f43be9649e230e17308e003642f3129f8a1b73b665a82a8
SSDEEP

24576:4l18GADX15DihL9GVRqIERogW68ngSTeTm8HZfj4cCao6A6u2EmAOuydnTX2tui3:4O7SL9eq67ydBC/S2mpTnv1cF

Score

10^/10

blackmoon privateloader banker discovery evasion execution loader persistence trojan

Malware Config

Targets

- Target
  
  5d1210e60be433829fc5ae3e04bf5a7c37b6a8de6559a65221e3937c9e76b11a
- Size
  
  2.8MB
- MD5
  
  a878432e3c19e327650f5633ed4b66ae
- SHA1
  
  5412c6ae424bb9cf01560ce74b2be68bf3ac6bda
- SHA256
  
  5d1210e60be433829fc5ae3e04bf5a7c37b6a8de6559a65221e3937c9e76b11a
- SHA512
  
  4cd2a45857c1f3e0e008cc327a99f9117bc9f77c999fe2bf1e5b34e63392be518905f9cde80cdbd51f43be9649e230e17308e003642f3129f8a1b73b665a82a8
- SSDEEP
  
  24576:4l18GADX15DihL9GVRqIERogW68ngSTeTm8HZfj4cCao6A6u2EmAOuydnTX2tui3:4O7SL9eq67ydBC/S2mpTnv1cF
Score

10^/10

blackmoon privateloader banker discovery evasion execution loader persistence trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Privateloader family
  privateloader
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

blackmoonprivateloaderbankerdiscoveryevasionexecutionloaderpersistencetrojan

behavioral2

blackmoonprivateloaderbankerdiscoveryevasionexecutionloaderpersistencetrojan