blackmoon | ec5ec69e17d8679dbabd03b8fa8522bf4f67caad49b0414016ab47baadc8d8df | Triage

Submit
Reports

Overview

overview

Static

static

8

ec5ec69e17...df.exe

windows7-x64

ec5ec69e17...df.exe

windows10-2004-x64

Sharing

General

Target

ec5ec69e17d8679dbabd03b8fa8522bf4f67caad49b0414016ab47baadc8d8df
Size

4.0MB
Sample

221112-z1qgmacf6v
MD5

7febfe6a4577937023b0cd0fb464a95e
SHA1

d4c696debc224137051c34ab6c9855a9ed01e2b4
SHA256

ec5ec69e17d8679dbabd03b8fa8522bf4f67caad49b0414016ab47baadc8d8df
SHA512

276d40f34ca26930f6830efbf45539974e6e6e59a89bbff299ee61412ea57c3f298fc337d68c2a0590790d7273bf3327cf7df8f8befa3b884aa23f5eac1689f7
SSDEEP

98304:GczGF9E+wSReWIjp3tcb9YI/LsoayFPVdBOxt1bDkMBD:GczGPERuQjdtc5vzsoaMPVdMt1bDkMBD

Score

10^/10

blackmoon joker aspackv2 banker infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ec5ec69e17d8679dbabd03b8fa8522bf4f67caad49b0414016ab47baadc8d8df.exe

Resource

win7-20220812-en

blackmoon joker banker infostealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

ec5ec69e17d8679dbabd03b8fa8522bf4f67caad49b0414016ab47baadc8d8df.exe

Resource

win10v2004-20220812-en

blackmoon joker banker infostealer persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

joker

C2

https://htuzi.oss-cn-shanghai.aliyuncs.com

Targets

- Target
  
  ec5ec69e17d8679dbabd03b8fa8522bf4f67caad49b0414016ab47baadc8d8df
- Size
  
  4.0MB
- MD5
  
  7febfe6a4577937023b0cd0fb464a95e
- SHA1
  
  d4c696debc224137051c34ab6c9855a9ed01e2b4
- SHA256
  
  ec5ec69e17d8679dbabd03b8fa8522bf4f67caad49b0414016ab47baadc8d8df
- SHA512
  
  276d40f34ca26930f6830efbf45539974e6e6e59a89bbff299ee61412ea57c3f298fc337d68c2a0590790d7273bf3327cf7df8f8befa3b884aa23f5eac1689f7
- SSDEEP
  
  98304:GczGF9E+wSReWIjp3tcb9YI/LsoayFPVdBOxt1bDkMBD:GczGPERuQjdtc5vzsoaMPVdMt1bDkMBD
Score

10^/10

blackmoon joker banker infostealer trojan persistence
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonjokerbankerinfostealertrojan

behavioral2

blackmoonjokerbankerinfostealerpersistencetrojan

© 2018-2025

Terms | Privacy