blackmoon | 2096c404d709221eae23bdb1fbaff57d648c7d017ea97035882b9b97d55d1df1 | Triage

Submit
Reports

Overview

overview

Static

static

155绿色�...��.url

windows7-x64

1

155绿色�...��.url

windows10-2004-x64

1

QQ牧场宝贝.exe

windows7-x64

QQ牧场宝贝.exe

windows10-2004-x64

Sharing

General

Target

1a88e5dcaab3465a1507be7e4d2e8d60_JaffaCakes118
Size

276KB
Sample

240701-jyqrlszhkf
MD5

1a88e5dcaab3465a1507be7e4d2e8d60
SHA1

a74e80a675b577bc8921befae1d4673a0a5eb962
SHA256

2096c404d709221eae23bdb1fbaff57d648c7d017ea97035882b9b97d55d1df1
SHA512

7595c6b79e933c0ded226d4a9782a833e480ed694a495394096e88e7631eff327933027a342d9cb0ed6ce196682bf29276143c7bfb7c9c5c6692027a98323c1d
SSDEEP

6144:/je8A8PTEX+ilM/KcDzIekFOLqByWtapaH4ofdgua8:/je8HLEXjWKccJO2Bleaap8

Score

10^/10

blackmoon banker trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

155绿色软件站.url

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

155绿色软件站.url

Resource

win10v2004-20240611-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

QQ牧场宝贝.exe

Resource

win7-20240611-en

blackmoon banker trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral4

Sample

QQ牧场宝贝.exe

Resource

win10v2004-20240508-en

blackmoon banker trojan upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  155绿色软件站.url
- Size
  
  219B
- MD5
  
  3a1f2a8a3ef08ae269517a69ea918b2c
- SHA1
  
  7d2e6719702bc8472e045e010efa6ed3f7df4b5b
- SHA256
  
  66eafefa8bb0155e60828476bde6068573fe64a4fd0aa052eba074dbe85d46cd
- SHA512
  
  22203a78192cadc02d0f887247675925273a69e3be82ec1a331197f892216a282cc8f37c3ffbfb578a708244181037277b8cc6a40d8ec70cdf0feac5d80f8576
Score

1^/10
behavioral1 behavioral2
- Target
  
  QQ牧场宝贝.exe
- Size
  
  283KB
- MD5
  
  4b18c843d1f5aa5c0a0511d8137fb0ca
- SHA1
  
  3b7db3134a3a15a3683a1c198c0c972c58e507b5
- SHA256
  
  842536f9891fd3842e8a6b74c667391a1e11b4a552c34414bc48f61fdbdd6c1b
- SHA512
  
  721f613673650df4c0762bf03bfd9af4b34b2f437940baa98b9cf5623eacea24b6ba820917d4dc605a539f04fd196a4794647a2cb7c82fd0c294fb600290dc2c
- SSDEEP
  
  6144:6EBLkxedjZJv+91z0/RCLIEX8494VLAJaBf04vCt7ssYInY:6cLkxe1n+Tz0/+SZXBf0ECt7ssYInY
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

blackmoonbankertrojanupx

behavioral4

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy