blackmoon | f592ffaf8d229b5510e2fde22f06ea40b29532f85e83c410a9d1079b74b8a576 | Triage

Submit
Reports

Overview

overview

Static

static

2025-04-02...id.exe

windows10-2004-x64

Sharing

General

Target

2025-04-02_279fd4ef507def420016b5d4c9e5d93f_hacktools_icedid
Size

2.0MB
Sample

250402-bz9l4syxas
MD5

279fd4ef507def420016b5d4c9e5d93f
SHA1

7a1fc1555f601a78af89820fd7dda6881327b972
SHA256

f592ffaf8d229b5510e2fde22f06ea40b29532f85e83c410a9d1079b74b8a576
SHA512

0c9cbe2bd3cc6206687d3ee209a6e62f5b913b3faf5ab2db5ef6ebeec67d1af6601e5e229a7f9c3a01a08683e63b154edb55c81fc6ce73ce9683f7d589a71bc1
SSDEEP

24576:PSH25PwcN2jx23LdZNtWFKVXIdaY5VFt1LuqJhDqGFeyUQPurCD8JYjSK5ECo:PlDoOTNtGKJIvfuRVy/Pur2Mgo

Score

10^/10

blackmoon banker bootkit discovery persistence trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2025-04-02_279fd4ef507def420016b5d4c9e5d93f_hacktools_icedid.exe

Resource

win10v2004-20250314-en

blackmoon banker bootkit discovery persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-04-02_279fd4ef507def420016b5d4c9e5d93f_hacktools_icedid
- Size
  
  2.0MB
- MD5
  
  279fd4ef507def420016b5d4c9e5d93f
- SHA1
  
  7a1fc1555f601a78af89820fd7dda6881327b972
- SHA256
  
  f592ffaf8d229b5510e2fde22f06ea40b29532f85e83c410a9d1079b74b8a576
- SHA512
  
  0c9cbe2bd3cc6206687d3ee209a6e62f5b913b3faf5ab2db5ef6ebeec67d1af6601e5e229a7f9c3a01a08683e63b154edb55c81fc6ce73ce9683f7d589a71bc1
- SSDEEP
  
  24576:PSH25PwcN2jx23LdZNtWFKVXIdaY5VFt1LuqJhDqGFeyUQPurCD8JYjSK5ECo:PlDoOTNtGKJIvfuRVy/Pur2Mgo
Score

10^/10

blackmoon banker bootkit discovery persistence trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerbootkitdiscoverypersistencetrojan

© 2018-2025

Terms | Privacy