blackmoon | cb6111ad06c056423fa7c8cf921b95c6986c7f54bdf9a609441d30025e26ffed

General

Target

cb6111ad06c056423fa7c8cf921b95c6986c7f54bdf9a609441d30025e26ffed
Size

4.0MB
Sample

221108-xysg4aehfj
MD5

d95bc0e174ee7a1edddcfba52469cee2
SHA1

e2a0ead877ce762bfa57f4317e07342c69076a1d
SHA256

cb6111ad06c056423fa7c8cf921b95c6986c7f54bdf9a609441d30025e26ffed
SHA512

47ebdb24679f2ea695159ace65bc61ee6303140da20127d3e082c5831ab869c6d5e9929d004c8b8257fb446526a937c07b6f8ae434c450c1f46ef6a362d4f374
SSDEEP

98304:tJgug67CrzpFObJV0ypLd6r+DxnSQpCtlbvV0TAYP/RIBaQFIlxW0z:fgQ72cE8tDxnDpEbvVwAe/GDOlrz

Score

10^/10

Malware Config

Extracted

Family

joker

C2

https://htuzi.oss-cn-shanghai.aliyuncs.com

Targets

- Target
  
  cb6111ad06c056423fa7c8cf921b95c6986c7f54bdf9a609441d30025e26ffed
- Size
  
  4.0MB
- MD5
  
  d95bc0e174ee7a1edddcfba52469cee2
- SHA1
  
  e2a0ead877ce762bfa57f4317e07342c69076a1d
- SHA256
  
  cb6111ad06c056423fa7c8cf921b95c6986c7f54bdf9a609441d30025e26ffed
- SHA512
  
  47ebdb24679f2ea695159ace65bc61ee6303140da20127d3e082c5831ab869c6d5e9929d004c8b8257fb446526a937c07b6f8ae434c450c1f46ef6a362d4f374
- SSDEEP
  
  98304:tJgug67CrzpFObJV0ypLd6r+DxnSQpCtlbvV0TAYP/RIBaQFIlxW0z:fgQ72cE8tDxnDpEbvVwAe/GDOlrz
Score

10^/10

blackmoon joker banker infostealer trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blackmoon, KrBanker

Detect Blackmoon payload

joker

Executes dropped EXE

UPX packed file

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2