blackmoon | 290c4563fc3c33f35d2ce50d2140f4c62588d07efe7f2fd47d27420a2fa98ee1

General

Target

290c4563fc3c33f35d2ce50d2140f4c62588d07efe7f2fd47d27420a2fa98ee1
Size

621KB
Sample

250422-jjbzxasry7
MD5

c24957a07fa4d48e700fb30b85e7b439
SHA1

f147ca642cd93289c11cc3fbcbb2e6268b51299f
SHA256

290c4563fc3c33f35d2ce50d2140f4c62588d07efe7f2fd47d27420a2fa98ee1
SHA512

3d2dd9b489eb0d7fcd026fbaf86900aad8a84762c39f885c330f164b9757c6291d0a3ecba2f4cef219228516d630818234b229e1f82f0b2f870c467efd7549eb
SSDEEP

12288:A4svL4A4OvcjLGCHRkwOXC6QzTHTvllfd7lPGoeS+NM:A4sv8TOvcjLGKRkwOXC9zTzxdGNS+N

Score

10^/10

Malware Config

Targets

- Target
  
  290c4563fc3c33f35d2ce50d2140f4c62588d07efe7f2fd47d27420a2fa98ee1
- Size
  
  621KB
- MD5
  
  c24957a07fa4d48e700fb30b85e7b439
- SHA1
  
  f147ca642cd93289c11cc3fbcbb2e6268b51299f
- SHA256
  
  290c4563fc3c33f35d2ce50d2140f4c62588d07efe7f2fd47d27420a2fa98ee1
- SHA512
  
  3d2dd9b489eb0d7fcd026fbaf86900aad8a84762c39f885c330f164b9757c6291d0a3ecba2f4cef219228516d630818234b229e1f82f0b2f870c467efd7549eb
- SSDEEP
  
  12288:A4svL4A4OvcjLGCHRkwOXC6QzTHTvllfd7lPGoeS+NM:A4sv8TOvcjLGKRkwOXC9zTzxdGNS+N
Score

10^/10

blackmoon banker discovery trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blackmoon family

Blackmoon, KrBanker

Detect Blackmoon payload

Drops startup file

Executes dropped EXE

Loads dropped DLL

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v16

Tasks

static1

behavioral1

behavioral2