blackmoon | ca3c6aa65d838e2164af3b43a370e35dadd96938d8da0347cffe30cfa19cb3f3 | Triage

Sharing

General

Target

ca3c6aa65d838e2164af3b43a370e35dadd96938d8da0347cffe30cfa19cb3f3
Size

388KB
Sample

221126-jh493acf66
MD5

ecf19f0bf9c70411090c8eb0a41e2610
SHA1

0c2dffa44ce0c6509552fcf6229f95a0005da04e
SHA256

ca3c6aa65d838e2164af3b43a370e35dadd96938d8da0347cffe30cfa19cb3f3
SHA512

248552dbb4ac1b416f64268468e853e32dd98abd2b7ae0e871bd57351c7300d1a08713e43866064c58354554456858b6b64cc7a143468df9b6b1e9e4f21e2620
SSDEEP

12288:MfsbeGMhyqFiRvgGS3yb4jzVI5NeByews8r7W:csb8qvgGS9nVIveByews83W

Score

10^/10

blackmoon banker trojan upx vmprotect

Malware Config

Targets

- Target
  
  lolyhzs_veryhuo.com/Copy
- Size
  
  10KB
- MD5
  
  227c49fc0a7b41f866a1d54ebfbafe0b
- SHA1
  
  31509e73e059fa05b9aeccb783b153b85dfad43f
- SHA256
  
  3d5024975f55de9f1bb2a15bf53abe343af34e75426322ae70f183d72f74f6d8
- SHA512
  
  b73faa1300d554cabe397128ab2a3766f183b0917606801f490cebe5c500a314a85897e01325e31a60216a75c11faa4af314c68f4f0f2c1870b196efd5438e43
- SSDEEP
  
  192:xfnLgf74IyqhNGkEd+FIKiCj9QfyFtqS6yzsnIpYOFRzijmN:xfLg8IZh9Ed+fpZFtqUpHbOy
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  lolyhzs_veryhuo.com/LOL优化助手1.6.exe
- Size
  
  232KB
- MD5
  
  0ce444b7040376dc87a6f66e3ec1c0dc
- SHA1
  
  6e173dab062c3f84c09f5720685a81d1abfba9f4
- SHA256
  
  f98ae7312370270026f36e391598c95a2adc113cccd4b89074e1a7a4d62c1d11
- SHA512
  
  60cdaf2ac959b6f3add5e3306bc4f5e5193c3a2dae691f46601d744914a3780012bb6ba755ec681cf796c8fd77a2a3496f7d8d27788359d6fd815e207d358efd
- SSDEEP
  
  6144:1dxTiFO8HOpLD7FYQ7wxU6QQooedJrMjqX1waewxPbEMVZ2:578HEFYQv6QXoedNoqGnMVw
Score

7^/10
- Loads dropped DLL
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  lolyhzs_veryhuo.com/SKT.dll
- Size
  
  99KB
- MD5
  
  6c4680f6a837be4452fdc956dc3cb94a
- SHA1
  
  b3c09ca7bace0f306be095de956a165562c4c71c
- SHA256
  
  0f0b84c97a667ed614cdeaca5afdb6a1742438a262ba926e9320039c4c97cd0b
- SHA512
  
  6d1b6ddaff443935a8c221b9bc9e9bbf568078ea7b75262b52da2e06f7ab8f8ec19120e0511211e3725026683f8d294ac4fe175a21d4182a1da563cf6b755614
- SSDEEP
  
  1536:iKc9rgArUR/fzxFpjPhFFwwAhteeLceTay6oYrGKQ9c10H7IgKVqq0n:iKoUp9FprhFFwwk0N3oYr1QPEfVqX
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral5 behavioral6
- Target
  
  lolyhzs_veryhuo.com/process.exe
- Size
  
  106KB
- MD5
  
  aaf2a242dfd54b1b1a920e646cb4aafd
- SHA1
  
  ad104885707febb87918f957048eada5ec2895b7
- SHA256
  
  bcde080176548758a06ad9152c01d054fb2689ecb4451946831d52214eedc755
- SHA512
  
  06cae01f98f70b9437bfffb2ee9f072e18c3717f546d1dca24b1cef27f4afde4035bf4d9fd186a70e6ac45d75549438dcb00a5e253df487f364a42607fa07d56
- SSDEEP
  
  1536:92uvj8CJ3Hrd/hr090EczdNJ05n+XTy8r+1zGlR0ztaRbRilnr3jJZEj+h1wjeJD:9e6Vh8N+TJ0QW8a1zGQZa6VTkqRVZ/Kc
Score

1^/10
behavioral7 behavioral8
- Target
  
  lolyhzs_veryhuo.com/最火软件站.url
- Size
  
  179B
- MD5
  
  a9f77e4cd187af05a6a16b372f42190c
- SHA1
  
  c81d9af0b5f5070a48e21b86a1ef6613616a2200
- SHA256
  
  975aaddc0d28d3bdf4f7cebb546d1ec0ff2b9b9a86ffe1642265f9d5f1136f7f
- SHA512
  
  534fd5631b0ba0547709756b8e1564d4d168136f4806d8edd9cd926c101ea31063bb71ab364b93de3c25f5850b1ee19389d539a5e65379d5080b9b1b7412f588
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Matrix

Tasks

static1

upxvmprotectblackmoon

behavioral1

blackmoonbankertrojanupx

behavioral2

blackmoonbankertrojanupx

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10