blackmoon | 2bc78b2cb385b002ee7cf3406e93c7ee336765022f9c3298637dc6496d8fc2fe

Sharing

Copy URL

Twitter E-mail

General

Target

2bc78b2cb385b002ee7cf3406e93c7ee336765022f9c3298637dc6496d8fc2fe
Size

11.2MB
Sample

221126-xztrjsbh7w
MD5

79225ea0838211b5d0784dd0bcf7a877
SHA1

e92e39fbbf074fa076bd65f41bb8877aba71fc8c
SHA256

2bc78b2cb385b002ee7cf3406e93c7ee336765022f9c3298637dc6496d8fc2fe
SHA512

d6a75dbe60d46750e47ea1d55a318e272c12f5b10085c252362e93df489f9dba74e2a974684e6720e4ef234a4cbbf61eb8270254da379e06b96126061c276132
SSDEEP

196608:KaixOP4K0wRB9hQjqjnMwud/Dd/saC/CEdhmNajpArORrtpp0hnAPwuEGQ2g2+Xe:Kasc4K0wb98gn/kea4xH6yjpuxRc/1MY

Score

10^/10

Malware Config

Targets

- Target
  
  츨12.16ɫ/츨.url
- Size
  
  154B
- MD5
  
  80fbd50c949bc2a5da573f855c178008
- SHA1
  
  a2e113094149600f575f269674294b8d249b2cb8
- SHA256
  
  2d5e0b36c9c72350ad613af0dd0f9dd52284326171078e8aac40f5ce54de3697
- SHA512
  
  775e4b7b7ea7ff6e36f7f0de5ac165f8421d5f4bc9ca0d88727a4d99e6b2385f8701d841e7081670dcd37adfede0a1694c70348333009a589d471df2fe0aeace
Score

1^/10
behavioral1 behavioral2
- Target
  
  츨12.16ɫ/Ա.url
- Size
  
  172B
- MD5
  
  d0352b1e2dafefaf855d33b8fb47a523
- SHA1
  
  f71da936c344746e062fe2055dc4c1ec7b1cf935
- SHA256
  
  bd01549eef91fc327e2a704f88b214834de39faab76defbc3ebbe30e65c1977f
- SHA512
  
  1fb8ff0a4e4496de2467c3314df48b0c886ec08225ae8595ecbc74cd6cffc94b0187cae9ccc87683050503ec62b70542c9414fd57fcba23abbaced701fb77471
Score

1^/10
behavioral3 behavioral4
- Target
  
  츨12.16ɫ/츨12.16ɫ/33BEE5EE.dat
- Size
  
  596KB
- MD5
  
  0cb07cb0d5854dba7193c5fc399365fb
- SHA1
  
  e82c8065e2c445f57e1d0c916e3e638c38d1933d
- SHA256
  
  a67cbe26adf512aceaea62644ce6de59bef028960c71ec3051134781988bbc88
- SHA512
  
  ff84567120d96b8ed4fd17b76c234894628727f7d33d24bfe0cab32e7b3aab54d2aa9a946d3d165eb61dc4d4151fee7bd50940d69e274cb5eb8a1264b971574a
- SSDEEP
  
  6144:LlQ24N1V5ab+0zwae7O3T9NO01jk/qYmaczEeNWYa6fXEZ3SfDPEoW6B3:LOh1XaJVe7O3T/qUqY1fPfDPEop
Score

1^/10
behavioral5 behavioral6
- Target
  
  츨12.16ɫ/츨12.16ɫ/3km2.dll
- Size
  
  1.5MB
- MD5
  
  2e5ff9dc7ea781a0d99895d318af3cef
- SHA1
  
  c2dddda1b2141a8d8fe2bd4619caffa4056e0737
- SHA256
  
  6d884320514ec3a9dbb66914eebbe03e66dd3623f124988d350dc6322b76098a
- SHA512
  
  fa0eccd58a8b7dbf8681547bc344d622391219fae1fa20eed3d7d67efa494e7f23c8670ad663ec35e4e1bb533c5ab7c784b195c5e96f7c954c45b7b2bbd50276
- SSDEEP
  
  49152:zJ58ZHuvPUbFLfdwDclKIM3IMhWaz0I0:D8ZHuvPUtQclPM3IMhWaj
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral7 behavioral8
- Target
  
  츨12.16ɫ/츨12.16ɫ/Astar.dll
- Size
  
  35KB
- MD5
  
  c0b716b0a39e6bd5b97ad509c59616cd
- SHA1
  
  434b02800a9b19e17901eb7c46c6ca240bc573de
- SHA256
  
  e791c2fa9b0435ade26b7d8d295ac957ce0eb5d30bca0cbc4cff3d3f5d8dbdef
- SHA512
  
  60bbfa1d09ff9fc5aa25886d22cc9c4bd4b602e4a723a5f3ea454cf3834a8dabf8d8630dbc8f6a61765d3feb7d498526e19503db27fbb6350266d2ea40cb17cb
- SSDEEP
  
  384:voWyKa2k8KeTduFoSQPZaqSItpQt/stcc/pjKhwElrP+lnu6EDHkCr1GNC8vyNbn:v+KWVKFazapm70+hf7GnTEDT8vyh
Score

3^/10
behavioral10 behavioral9
- Target
  
  츨12.16ɫ/츨12.16ɫ/Dll.dll
- Size
  
  7KB
- MD5
  
  0bbbca7038095d2ca8eff205bb1c7210
- SHA1
  
  af89fc4b2dfbfd0a0ce464a171c78009f7caf1b6
- SHA256
  
  3b4869d560062b4ea0edd78fba1d798a403b8749a9b32d323058e7e6416ee53e
- SHA512
  
  2870cbf3eb75b3812f502b6ab5adae543349b02eb8e62ec1531d0464c9d475e69d4a9e6773a237dc7616f5754ef255903d976cf7d7a5d55e5b2b5043112595d7
- SSDEEP
  
  96:yWf0YDrMtyjnyoSvDilH2tBOMrJQOBdFC+orPT3XAUPVAF6GDTnECt6M7N:5iy+o4DiwBOxO2rr3XHPV26Onf6A
Score

1^/10
behavioral11 behavioral12
- Target
  
  츨12.16ɫ/츨12.16ɫ/GetInfo.dll
- Size
  
  1.5MB
- MD5
  
  dbac2c9c7545463a542820337e504dd4
- SHA1
  
  f1927a37103145678bffefd2437d3c18a9b68831
- SHA256
  
  ef022b706eab8542d2cf3be7de64b66cb809509732b08f6e055abeb84bdbba48
- SHA512
  
  298dca7f6a9b9557305d435463063b421285d2420f581f28770ffb837dee55ae7ab99547bbd5e4d80da7958d1eb259f0d3c8262bbbd71517d89a0de47795d384
- SSDEEP
  
  49152:7wZEkRqxYYYGkMzgBss/g6hIOd9uZNMcC8CFyluyplN1vn:QEnxdHkMz8ss/g6hISuzvCFysyplN
Score

3^/10
behavioral13 behavioral14
- Target
  
  츨12.16ɫ/츨12.16ɫ/Lua.dll
- Size
  
  156KB
- MD5
  
  546696fc01d9c7c912da33a7ffecf21a
- SHA1
  
  46f3ac49346afd4e85db46ade697f536afd8bee6
- SHA256
  
  1b233ec23eccf5cc532e9f1349093ad7dc6b5d14973b1fb09251a21bf080e687
- SHA512
  
  7ac984e2d3e91a23a256c6e118d2e83c5049310e5877b436f65a82b4c0e744677ef12d945625eac72f210ad73617133dc10a64b23aa03fcc9513906167174089
- SSDEEP
  
  3072:kWxO4AOqXKN18lz1ajwgFxgi9bHb/fERierQ:kH/O+NlYBFxbnERVQ
Score

3^/10
behavioral15 behavioral16
- Target
  
  츨12.16ɫ/츨12.16ɫ/gom.dat
- Size
  
  900KB
- MD5
  
  f674e8892127fb6dee55c45f90bef80c
- SHA1
  
  07d02adfd68e17d0744a139a37f063ccf3acc660
- SHA256
  
  428133cfffb97d29571b38dd5eceefec586b35c1ec750717f4eadb3f9c49350d
- SHA512
  
  184619f238f96651f33c72aeb9d6024919ab100f4b2314add3ca56dcd30a885f1b1111c1ffd36f0398140abaad887f0519e4683115e0cabd54e9e3cd6c6152bd
- SSDEEP
  
  12288:bE4yngBeZp2Z3fubpeRIwgY49xOw9NHWoE1TEEtAPJBvMWt:bE43AZpO3fkplwf4rOWNHWoINB
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral17 behavioral18
- Target
  
  츨12.16ɫ/츨12.16ɫ/gom.dll
- Size
  
  1.4MB
- MD5
  
  fd71f2961edf08926077766be792a64d
- SHA1
  
  23f1f94036a9bd97d63bb6094b466354e0e38ce2
- SHA256
  
  2a57d00cd493f650cec5735ba7a8110153e8e10348edcdd3589b17714eea27c6
- SHA512
  
  f0ab8171c83fcf0e8ed873c9cf342608a93efb8f5550eea0ddbb88e60611177bd303f50fd40a7d7311af35542fc288bf43ef0020fd9c5c913db9b505b89650d3
- SSDEEP
  
  24576:xldVgBHgF2S9YUYdKxS5jAzRGzCkReds75oFBug4aRd4Yo4uYFWs7af:x9F2S9YUYdKx5IFReUKMid4Yo4tF77af
Score

1^/10
behavioral19 behavioral20
- Target
  
  츨12.16ɫ/츨12.16ɫ/jx.dll
- Size
  
  652KB
- MD5
  
  4e1c140d96b8cd84cd378ae96b2f6b1e
- SHA1
  
  9441f2e1c20e5be9558ff36a8ca97659a8be230b
- SHA256
  
  c8bc513379447f5e18a19daf61c9c50189dc8f22bbdcd697ed1fa624cf89b193
- SHA512
  
  e6d69b2c5842fad80ad2e9d8013a5a474cc66eebebf30ca480bdd6a63737fff33cd87253089703df601f0801b422f657133a11c86a527bc986472aaf35fb1351
- SSDEEP
  
  12288:wKKfhCzb/8x2JDoLqhM4xv4YGqmDV37g+J:w5CPU21oLq24xArqmDV37bJ
Score

3^/10
behavioral21 behavioral22
- Target
  
  츨12.16ɫ/츨12.16ɫ/sky.dll
- Size
  
  2.3MB
- MD5
  
  a34666912e7b02f977add5ba14ae6d63
- SHA1
  
  fa2b1c9b6a4cef002c5c313d0baba5249e7a3b38
- SHA256
  
  bf2f6c8572dd7e27fda731179f618ef4e14a80c02d0472d00cac4ffae99f4a0d
- SHA512
  
  1a18e36fb1671cbb839b19a108d20c8bd32ad2397f2a53a417c098e3b79e74b11ef39f5b8abbdda82974e6c6aa4f2f6f37741114653e6a91b99eabe18c58aec4
- SSDEEP
  
  24576:Vmf/XdhToOiUOiqijjpGbZVNIpiJJ5Ee/Mr+haYVQO6JmnwOYNZJZy9Xh//gM1gb:aaRHWd6KKUA4MrVD+L4YmMu1ALn
Score

1^/10
behavioral23 behavioral24
- Target
  
  츨12.16ɫ/츨12.16ɫ/temp.dat
- Size
  
  2.4MB
- MD5
  
  ef3639349c9ff57b844796ba1b0913fc
- SHA1
  
  9619120ecb4474cc9754ba0e0c2870fb91008776
- SHA256
  
  6cf2e1ba22b4f1fbbf79139c76103a2f45ed712f0fc1908a2e73035ace561523
- SHA512
  
  2088bd15dcaa565950f260e59ec0bc0b79ef2ead0888e2c0a6ac423ed48ad4d29330eab83f88750e25d76bc9efa4412f21c45cda418e88a4e4b4958fadffc1ba
- SSDEEP
  
  49152:lhmKcQ8HScTgrMV+TN3ljQa4W1n1IbdHNUkW6uMbwWU+lxtU9rF+y89rF+Wj89rW:6KWHScUrtTBljQa4W1nqHzW6uMMWU+lv
Score

4^/10
behavioral25 behavioral26
- Target
  
  츨12.16ɫ/츨12.16ɫ/ty.dat
- Size
  
  169KB
- MD5
  
  04ab3fe511b4a7465c57fc9e7aedcd3d
- SHA1
  
  f678150e525de20a58a2766d52846cc70ffcb622
- SHA256
  
  81f15689949e602c3413de07cd00d25baab313dc7a05d5fb05b7de04842a616d
- SHA512
  
  e4c5048c1ca4e4a355ff0c85932cb6e67c009f85b79189a0214026521a46744dd592cc3a83246c65a974dce67c570c2288be01150671ebc52ae9584bf10fc393
- SSDEEP
  
  3072:uP89l9/zuYu3PvTiqTsKfw6H2vPrzDlNM6FHpU9yP7X4kXq2GzT:cmlzmPvjGHvPn53dBX8p
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral27 behavioral28
- Target
  
  츨12.16ɫ/츨12.16ɫ/ty.dll
- Size
  
  372KB
- MD5
  
  6a6fcfdc2ad43d19e3299918a8845e84
- SHA1
  
  a66030d34e3357e00181241d48e8302a0a4e2098
- SHA256
  
  37e79983cde9c2f70fd73077dd7fafb944ec053f87976c6b33821b67001f0313
- SHA512
  
  495fb60dec4a65f7de72893049f46529f70bbb0eb852feab6c75f9998453413c1dc78b6779d3c55e9510ca40457c09b812b414edf4188e136f6f4ffd5c20b2e8
- SSDEEP
  
  6144:uz2R08dAbIs+orwFxCo0kNYXXGmo9TsrnpWh5G/ho0q4X/ieoNw4guSf629uCKPT:rRmIsgDOqOAyRGCVt/omrMc034jyXz02
Score

1^/10
behavioral29 behavioral30
- Target
  
  츨12.16ɫ/츨12.16ɫ/update.exe
- Size
  
  376KB
- MD5
  
  f2f3d6bc76550040e73748117d1f7043
- SHA1
  
  0afb48cca00c061a8d5c2f1c786de987517dd029
- SHA256
  
  b3f0b108f21183e10e5ec684a124144f51cc0b9c9363d030496ae18d8daee6e7
- SHA512
  
  96c82248a60510494f6fd0350ab350a8b69e41e9955bf4177aa0eaf85cfe06e87900ac75e958f642d7f36cf6bad903ca25b8c422310bbb648e9bb9a81d7982ad
- SSDEEP
  
  6144:LrIjtjvIP7C+Xx+eaKMKVt56pcRR5rhZFQGrsUwF7vlPoSv8cg:fQtcz9x+ziR5nWFpPoSJg
Score

8^/10

evasion trojan upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

VMProtect packed file

Suspicious use of NtSetInformationThreadHideFromDebugger

Writes to the Master Boot Record (MBR)

Suspicious use of NtSetInformationThreadHideFromDebugger

UPX packed file

Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32