Overview

overview

10

Static

static

8

be97407301...4d.exe

windows7-x64

10

be97407301...4d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    be97407301b24cdd0d7571108c2abae4e6f45c6177e9936225851c504688aa4d

  • Size

    4.0MB

  • Sample

    221024-1xfnpaagf5

  • MD5

    8aaf5a511a8744ad77347e7fecb076ae

  • SHA1

    4eca6c4279fa7c3b30a8278019669e7dbb8a3c24

  • SHA256

    be97407301b24cdd0d7571108c2abae4e6f45c6177e9936225851c504688aa4d

  • SHA512

    7702e03244fe572b455dfb6bea8fda66ccf11602c102c84d13df0c796ecc890d1c91d95b2edbec43c5399ba21392c62faeff89cd4c7b09adb8b298a1d09ed02b

  • SSDEEP

    98304:gfcWs9WeQdtaHMEgmRh1Gfpipr6MzHVFzcRNMyGE:ycW0WeOEME1hkxi16ML3yGE

Score
10/10
blackmoonjokeraspackv2bankerinfostealertrojanupx

Malware Config

Extracted

Family

joker

C2

https://htuzi.oss-cn-shanghai.aliyuncs.com

Targets

    • Target

      be97407301b24cdd0d7571108c2abae4e6f45c6177e9936225851c504688aa4d

    • Size

      4.0MB

    • MD5

      8aaf5a511a8744ad77347e7fecb076ae

    • SHA1

      4eca6c4279fa7c3b30a8278019669e7dbb8a3c24

    • SHA256

      be97407301b24cdd0d7571108c2abae4e6f45c6177e9936225851c504688aa4d

    • SHA512

      7702e03244fe572b455dfb6bea8fda66ccf11602c102c84d13df0c796ecc890d1c91d95b2edbec43c5399ba21392c62faeff89cd4c7b09adb8b298a1d09ed02b

    • SSDEEP

      98304:gfcWs9WeQdtaHMEgmRh1Gfpipr6MzHVFzcRNMyGE:ycW0WeOEME1hkxi16ML3yGE

    Score
    10/10
    blackmoonjokerbankerinfostealertrojanupx

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

      infostealertrojanjoker

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks