blackmoon | d92ccd7a7376ba1e89093099b7872e84ba02554e383494e937d337b0adeabd5a | Triage

Submit
Reports

Overview

overview

Static

static

8

d92ccd7a73...5a.exe

windows7-x64

d92ccd7a73...5a.exe

windows10-2004-x64

Sharing

General

Target

d92ccd7a7376ba1e89093099b7872e84ba02554e383494e937d337b0adeabd5a
Size

4.0MB
Sample

221105-1pnpbscchr
MD5

0165da47b1ecb02af081148096c1b987
SHA1

37682148a7ea1b43d5f92c0aacab911c1836c982
SHA256

d92ccd7a7376ba1e89093099b7872e84ba02554e383494e937d337b0adeabd5a
SHA512

ebb1c99d5cfd5f170ca5f25147fab5f9cb2df834d0d80dc2363336822d42b55aaaa89f8e1334b88f625b0c99aa6ef9fd3f17bbb922ffde1b9ae2b1c94398d9bc
SSDEEP

98304:YygSfpAzW/OM5K/u0KlQxG+wALyS8G+QHNLbSJwfVRucidoi7iwzIB6h:YygCpA62M5K/u0lw+4S83uLbLRi7iwzl

Score

10^/10

blackmoon joker aspackv2 banker infostealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d92ccd7a7376ba1e89093099b7872e84ba02554e383494e937d337b0adeabd5a.exe

Resource

win7-20220812-en

blackmoon joker banker infostealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

d92ccd7a7376ba1e89093099b7872e84ba02554e383494e937d337b0adeabd5a.exe

Resource

win10v2004-20220812-en

blackmoon joker banker infostealer trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

joker

C2

https://htuzi.oss-cn-shanghai.aliyuncs.com

Targets

- Target
  
  d92ccd7a7376ba1e89093099b7872e84ba02554e383494e937d337b0adeabd5a
- Size
  
  4.0MB
- MD5
  
  0165da47b1ecb02af081148096c1b987
- SHA1
  
  37682148a7ea1b43d5f92c0aacab911c1836c982
- SHA256
  
  d92ccd7a7376ba1e89093099b7872e84ba02554e383494e937d337b0adeabd5a
- SHA512
  
  ebb1c99d5cfd5f170ca5f25147fab5f9cb2df834d0d80dc2363336822d42b55aaaa89f8e1334b88f625b0c99aa6ef9fd3f17bbb922ffde1b9ae2b1c94398d9bc
- SSDEEP
  
  98304:YygSfpAzW/OM5K/u0KlQxG+wALyS8G+QHNLbSJwfVRucidoi7iwzIB6h:YygCpA62M5K/u0lw+4S83uLbLRi7iwzl
Score

10^/10

blackmoon joker banker infostealer trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonjokerbankerinfostealertrojan

behavioral2

blackmoonjokerbankerinfostealertrojanupx

© 2018-2025

Terms | Privacy