blackmoon | 8e45f7523c0a7ab3005ba647866f7d9c6d556ac52364a6d14135478a0335432a | Triage

Submit
Reports

Overview

overview

Static

static

8

8e45f7523c...2a.exe

windows7-x64

8e45f7523c...2a.exe

windows10-2004-x64

Sharing

General

Target

8e45f7523c0a7ab3005ba647866f7d9c6d556ac52364a6d14135478a0335432a
Size

4.0MB
Sample

221105-xbg3vahah8
MD5

4b7949e7c9953fd7382e1b1f3ac5faa9
SHA1

8f5dee38fe30be6565c3bcb82218eefa55b12c86
SHA256

8e45f7523c0a7ab3005ba647866f7d9c6d556ac52364a6d14135478a0335432a
SHA512

17bc86e44f217185a8e7c00147bfdbe336e716c65fcbfca80a144dcc8b4ff493853f1b76d206053a33f58c90d59dd7da23f0eeaa5d7c7846d1a277c30b08a0ac
SSDEEP

98304:YygSfpAzW/OM5K/u0KlQxG+wALyS8G+QHNLbSJwfVRucidoi7iwzIB65:YygCpA62M5K/u0lw+4S83uLbLRi7iwz9

Score

10^/10

blackmoon joker aspackv2 banker infostealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8e45f7523c0a7ab3005ba647866f7d9c6d556ac52364a6d14135478a0335432a.exe

Resource

win7-20220812-en

blackmoon joker banker infostealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

8e45f7523c0a7ab3005ba647866f7d9c6d556ac52364a6d14135478a0335432a.exe

Resource

win10v2004-20220812-en

blackmoon joker banker infostealer trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

joker

C2

https://htuzi.oss-cn-shanghai.aliyuncs.com

Targets

- Target
  
  8e45f7523c0a7ab3005ba647866f7d9c6d556ac52364a6d14135478a0335432a
- Size
  
  4.0MB
- MD5
  
  4b7949e7c9953fd7382e1b1f3ac5faa9
- SHA1
  
  8f5dee38fe30be6565c3bcb82218eefa55b12c86
- SHA256
  
  8e45f7523c0a7ab3005ba647866f7d9c6d556ac52364a6d14135478a0335432a
- SHA512
  
  17bc86e44f217185a8e7c00147bfdbe336e716c65fcbfca80a144dcc8b4ff493853f1b76d206053a33f58c90d59dd7da23f0eeaa5d7c7846d1a277c30b08a0ac
- SSDEEP
  
  98304:YygSfpAzW/OM5K/u0KlQxG+wALyS8G+QHNLbSJwfVRucidoi7iwzIB65:YygCpA62M5K/u0lw+4S83uLbLRi7iwz9
Score

10^/10

blackmoon joker banker infostealer trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonjokerbankerinfostealertrojan

behavioral2

blackmoonjokerbankerinfostealertrojanupx

© 2018-2025

Terms | Privacy