blackmoon | 5c43210ab764676c792ca53153dfefab4172fd084c67e9497958ec38c5b004ed | Triage

Submit
Reports

Overview

overview

Static

static

8

5c43210ab7...ed.exe

windows7-x64

5c43210ab7...ed.exe

windows10-2004-x64

Sharing

General

Target

5c43210ab764676c792ca53153dfefab4172fd084c67e9497958ec38c5b004ed
Size

4.0MB
Sample

221109-1y9m6aecfk
MD5

0abb92077bb88e701d7f5095e3cf7601
SHA1

ab4d22eba9ced628254627f38b9a18f7115009d2
SHA256

5c43210ab764676c792ca53153dfefab4172fd084c67e9497958ec38c5b004ed
SHA512

4df199024794feb493948d7fe975190d42ee7b951772712e3821e908f6efd43b4ad06a1bd9836e0841537b804026bf87fadcbaf72e60a7220d8d3c6b767e5724
SSDEEP

98304:tJgug67CrzpFObJV0ypLd6r+DxnSQpCtlbvV0TAYP/RIBaQFIlxW0i:fgQ72cE8tDxnDpEbvVwAe/GDOlri

Score

10^/10

blackmoon joker aspackv2 banker infostealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5c43210ab764676c792ca53153dfefab4172fd084c67e9497958ec38c5b004ed.exe

Resource

win7-20220812-en

blackmoon joker banker infostealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

5c43210ab764676c792ca53153dfefab4172fd084c67e9497958ec38c5b004ed.exe

Resource

win10v2004-20220812-en

blackmoon joker banker infostealer trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

joker

C2

https://htuzi.oss-cn-shanghai.aliyuncs.com

Targets

- Target
  
  5c43210ab764676c792ca53153dfefab4172fd084c67e9497958ec38c5b004ed
- Size
  
  4.0MB
- MD5
  
  0abb92077bb88e701d7f5095e3cf7601
- SHA1
  
  ab4d22eba9ced628254627f38b9a18f7115009d2
- SHA256
  
  5c43210ab764676c792ca53153dfefab4172fd084c67e9497958ec38c5b004ed
- SHA512
  
  4df199024794feb493948d7fe975190d42ee7b951772712e3821e908f6efd43b4ad06a1bd9836e0841537b804026bf87fadcbaf72e60a7220d8d3c6b767e5724
- SSDEEP
  
  98304:tJgug67CrzpFObJV0ypLd6r+DxnSQpCtlbvV0TAYP/RIBaQFIlxW0i:fgQ72cE8tDxnDpEbvVwAe/GDOlri
Score

10^/10

blackmoon joker banker infostealer trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonjokerbankerinfostealertrojan

behavioral2

blackmoonjokerbankerinfostealertrojanupx

© 2018-2025

Terms | Privacy