blackmoon | d6db09cf67696d87898a507d1d2ed27e90778dc9272240932b26cd1b58ef7e1f

General

Target

d6db09cf67696d87898a507d1d2ed27e90778dc9272240932b26cd1b58ef7e1f
Size

4.0MB
Sample

221115-14jnxsca7t
MD5

24fb820f2eea7cb91deb3ddfe49af1a8
SHA1

281ba24c6a65dae9e206b6713c783ac37425a369
SHA256

d6db09cf67696d87898a507d1d2ed27e90778dc9272240932b26cd1b58ef7e1f
SHA512

b387d5643f49d022be3f3e7f8c547d438b2278273b74179ccd2a09b02b56a062f5d618ee1394f5a03c5f12595f40cd7919b23794553ed91dfeb9c1f0c2e31e42
SSDEEP

98304:GczGF9E+wSReWIjp3tcb9YI/LsoayFPVdBOxt1bDkMBW:GczGPERuQjdtc5vzsoaMPVdMt1bDkMBW

Score

10^/10

Malware Config

Extracted

Family

joker

C2

https://htuzi.oss-cn-shanghai.aliyuncs.com

Targets

- Target
  
  d6db09cf67696d87898a507d1d2ed27e90778dc9272240932b26cd1b58ef7e1f
- Size
  
  4.0MB
- MD5
  
  24fb820f2eea7cb91deb3ddfe49af1a8
- SHA1
  
  281ba24c6a65dae9e206b6713c783ac37425a369
- SHA256
  
  d6db09cf67696d87898a507d1d2ed27e90778dc9272240932b26cd1b58ef7e1f
- SHA512
  
  b387d5643f49d022be3f3e7f8c547d438b2278273b74179ccd2a09b02b56a062f5d618ee1394f5a03c5f12595f40cd7919b23794553ed91dfeb9c1f0c2e31e42
- SSDEEP
  
  98304:GczGF9E+wSReWIjp3tcb9YI/LsoayFPVdBOxt1bDkMBW:GczGPERuQjdtc5vzsoaMPVdMt1bDkMBW
Score

10^/10

blackmoon joker banker infostealer trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blackmoon, KrBanker

Detect Blackmoon payload

joker

UPX packed file

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2