
Severity
High
Analysis Summary
BlackMoon, also known as KRBanker, is a banking trojan that steals financial and banking account information as well as other sensitive data. BlackMoon was discovered in 2014 by Fortinet researchers and has returned with a new campaign. BlackMoon has historically been delivered to hosts through malicious URLs, advertisements and other web content. Once a host has been compromised, the trojan can open multiple pop-ups.
Impact
- Credential Theft
- Financial Theft
- Data Exfiltration
Indicators of Compromise
MD5
- ea16b5ed06d884a785576d4f52ef4037
- 0bba7f11a1dcfd807f22e6017647c05f
- 6d903af30def706efdc95763166be19b
- d71fdfbf9ffc924c5c427c859db53137
- c56fd1f7791e4e57b1f627bc8de47d85
SHA-256
- 576c808913384a04d7d2c16f30b53ee51c2786b7f7c94d9e3f1b0f11aa237023
- 38262aeed1fa70b6f30f198b09d1fa122926ec5a6b170e2e18ab6da769bd2c97
- fe7af374e0336118189c4b850b9c2dc16baa0c7dde4de8f1ef321828fd3b8a09
- f7c7f840f2df87fbb8ac886212d0bb53cd24b6f383d1348fc9714b000cba311a
- 795fbf405b6fdb9e3d3276bfb5ff6ba4a07495841de6997e3fe4a47f60f552b9
SHA-1
- dc2c2e3b6d1b4104289a69c364944ea12cd6f89c
- 7b5f85dccc64f0ace6a7139529990b5cd8cce231
- d778b99f5eeb5f7c10a65d84ce478b19680d8ce5
- d49e9af6a683ec39e7cb936386d2271138a9387c
- bee2f73685c0d3e2103ac19e1b101e773c9b9788
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
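One way to carry out the "search for IOCs in your environment" step is a hash sweep over a file system. The script below is an added example and is not part of the original advisory or any vendor tooling: it embeds the MD5, SHA-1 and SHA-256 indicators listed above, streams each file once to compute all three digests, and reports any file whose digest matches a published indicator. The directory layout, file names and the empty benign sample created by `demo_scan()` are constructed for illustration.

```python
"""Hash-based IoC sweep for the BlackMoon/KRBanker indicators listed in this advisory.

Added example, not part of the original advisory. The hash values are the ones
published on the page; the directory layout, file names and the benign sample
used by demo_scan() are constructed for illustration.
"""
import hashlib
import os
import tempfile

# Indicators copied from the advisory, grouped by algorithm (lowercase hex).
IOC_HASHES = {
    "md5": {
        "ea16b5ed06d884a785576d4f52ef4037",
        "0bba7f11a1dcfd807f22e6017647c05f",
        "6d903af30def706efdc95763166be19b",
        "d71fdfbf9ffc924c5c427c859db53137",
        "c56fd1f7791e4e57b1f627bc8de47d85",
    },
    "sha1": {
        "dc2c2e3b6d1b4104289a69c364944ea12cd6f89c",
        "7b5f85dccc64f0ace6a7139529990b5cd8cce231",
        "d778b99f5eeb5f7c10a65d84ce478b19680d8ce5",
        "d49e9af6a683ec39e7cb936386d2271138a9387c",
        "bee2f73685c0d3e2103ac19e1b101e773c9b9788",
    },
    "sha256": {
        "576c808913384a04d7d2c16f30b53ee51c2786b7f7c94d9e3f1b0f11aa237023",
        "38262aeed1fa70b6f30f198b09d1fa122926ec5a6b170e2e18ab6da769bd2c97",
        "fe7af374e0336118189c4b850b9c2dc16baa0c7dde4de8f1ef321828fd3b8a09",
        "f7c7f840f2df87fbb8ac886212d0bb53cd24b6f383d1348fc9714b000cba311a",
        "795fbf405b6fdb9e3d3276bfb5ff6ba4a07495841de6997e3fe4a47f60f552b9",
    },
}

CHUNK_SIZE = 1 << 20  # 1 MiB chunks: large binaries never have to fit in memory


def compute_hashes_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests for in-memory data."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def compute_hashes(path: str) -> dict:
    """Stream a file once and return all three digests."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def check_hashes(digests: dict) -> list:
    """Return (algorithm, hash) pairs that match a published indicator."""
    hits = []
    for algo, value in digests.items():
        normalised = value.lower()
        if normalised in IOC_HASHES.get(algo, set()):
            hits.append((algo, normalised))
    return hits


def scan_directory(root: str) -> list:
    """Walk root and report every file whose digest matches an indicator."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = compute_hashes(path)
            except OSError:
                continue  # unreadable file (permissions, transient): skip it and keep sweeping
            hits = check_hashes(digests)
            if hits:
                findings.append({"path": path, "matches": hits})
    return findings


def demo_scan() -> tuple:
    """Sweep a constructed temporary directory holding one benign empty file.

    Returns (digests of that file, findings); the empty file's well-known digests
    are not in the indicator list, so findings is expected to be empty.
    """
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "benign_sample.bin")  # constructed file name
        with open(sample, "wb"):
            pass
        return compute_hashes(sample), scan_directory(tmp)


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for finding in scan_directory(target):
        print(finding["path"], finding["matches"])
```

Run it as `python sweep.py /path/to/scan`; every match is printed with the algorithm and hash that fired. Matching on all three algorithms from a single read keeps the sweep to one pass per file, and unreadable files are skipped rather than aborting the run so a single locked file does not hide matches elsewhere. A hit on a file hash is a strong indicator, but a clean sweep only rules out these exact samples; a repacked build of the same trojan will carry different hashes.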