blackmoon | 6dbeebffd9de2d1c6c10c7d2bbc221dccf92b8ee4a203f5761d1343e34436a61

Sharing

Copy URL

Twitter E-mail

General

Target

6dbeebffd9de2d1c6c10c7d2bbc221dccf92b8ee4a203f5761d1343e34436a61
Size

7.8MB
Sample

221127-lrgw8sca5z
MD5

3f8efccf72373add40eb426a335f99eb
SHA1

9003bcb97756b4162fb5ec9cbbc5e347fcb789f6
SHA256

6dbeebffd9de2d1c6c10c7d2bbc221dccf92b8ee4a203f5761d1343e34436a61
SHA512

1a846905ab4d17f50af90c7e1172e615b4ac5084e193e29e63aed200279d0030ea306b05117b1f27873e10bfde977a723ad1c383cd47b450e41ea4446cb38ae6
SSDEEP

196608:7iJOa4K0DldKHfNiBEPArOZrtpp0hnAPpzu11mFCks8j:7kl4K0DUNNBLpux4zG1Iz

Score

10^/10

Malware Config

Targets

- Target
  
  츨11.27ɫ/츨.url
- Size
  
  154B
- MD5
  
  80fbd50c949bc2a5da573f855c178008
- SHA1
  
  a2e113094149600f575f269674294b8d249b2cb8
- SHA256
  
  2d5e0b36c9c72350ad613af0dd0f9dd52284326171078e8aac40f5ce54de3697
- SHA512
  
  775e4b7b7ea7ff6e36f7f0de5ac165f8421d5f4bc9ca0d88727a4d99e6b2385f8701d841e7081670dcd37adfede0a1694c70348333009a589d471df2fe0aeace
Score

1^/10
behavioral1 behavioral2
- Target
  
  츨11.27ɫ/Ա.url
- Size
  
  172B
- MD5
  
  d0352b1e2dafefaf855d33b8fb47a523
- SHA1
  
  f71da936c344746e062fe2055dc4c1ec7b1cf935
- SHA256
  
  bd01549eef91fc327e2a704f88b214834de39faab76defbc3ebbe30e65c1977f
- SHA512
  
  1fb8ff0a4e4496de2467c3314df48b0c886ec08225ae8595ecbc74cd6cffc94b0187cae9ccc87683050503ec62b70542c9414fd57fcba23abbaced701fb77471
Score

1^/10
behavioral3 behavioral4
- Target
  
  츨11.27ɫ/츨11.27ɫ/3km2.dll
- Size
  
  1.5MB
- MD5
  
  2e5ff9dc7ea781a0d99895d318af3cef
- SHA1
  
  c2dddda1b2141a8d8fe2bd4619caffa4056e0737
- SHA256
  
  6d884320514ec3a9dbb66914eebbe03e66dd3623f124988d350dc6322b76098a
- SHA512
  
  fa0eccd58a8b7dbf8681547bc344d622391219fae1fa20eed3d7d67efa494e7f23c8670ad663ec35e4e1bb533c5ab7c784b195c5e96f7c954c45b7b2bbd50276
- SSDEEP
  
  49152:zJ58ZHuvPUbFLfdwDclKIM3IMhWaz0I0:D8ZHuvPUtQclPM3IMhWaj
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  츨11.27ɫ/츨11.27ɫ/Astar.dll
- Size
  
  35KB
- MD5
  
  c0b716b0a39e6bd5b97ad509c59616cd
- SHA1
  
  434b02800a9b19e17901eb7c46c6ca240bc573de
- SHA256
  
  e791c2fa9b0435ade26b7d8d295ac957ce0eb5d30bca0cbc4cff3d3f5d8dbdef
- SHA512
  
  60bbfa1d09ff9fc5aa25886d22cc9c4bd4b602e4a723a5f3ea454cf3834a8dabf8d8630dbc8f6a61765d3feb7d498526e19503db27fbb6350266d2ea40cb17cb
- SSDEEP
  
  384:voWyKa2k8KeTduFoSQPZaqSItpQt/stcc/pjKhwElrP+lnu6EDHkCr1GNC8vyNbn:v+KWVKFazapm70+hf7GnTEDT8vyh
Score

3^/10
behavioral7 behavioral8
- Target
  
  츨11.27ɫ/츨11.27ɫ/Dll.dll
- Size
  
  7KB
- MD5
  
  0bbbca7038095d2ca8eff205bb1c7210
- SHA1
  
  af89fc4b2dfbfd0a0ce464a171c78009f7caf1b6
- SHA256
  
  3b4869d560062b4ea0edd78fba1d798a403b8749a9b32d323058e7e6416ee53e
- SHA512
  
  2870cbf3eb75b3812f502b6ab5adae543349b02eb8e62ec1531d0464c9d475e69d4a9e6773a237dc7616f5754ef255903d976cf7d7a5d55e5b2b5043112595d7
- SSDEEP
  
  96:yWf0YDrMtyjnyoSvDilH2tBOMrJQOBdFC+orPT3XAUPVAF6GDTnECt6M7N:5iy+o4DiwBOxO2rr3XHPV26Onf6A
Score

1^/10
behavioral10 behavioral9
- Target
  
  츨11.27ɫ/츨11.27ɫ/GetInfo.dll
- Size
  
  1.5MB
- MD5
  
  dbac2c9c7545463a542820337e504dd4
- SHA1
  
  f1927a37103145678bffefd2437d3c18a9b68831
- SHA256
  
  ef022b706eab8542d2cf3be7de64b66cb809509732b08f6e055abeb84bdbba48
- SHA512
  
  298dca7f6a9b9557305d435463063b421285d2420f581f28770ffb837dee55ae7ab99547bbd5e4d80da7958d1eb259f0d3c8262bbbd71517d89a0de47795d384
- SSDEEP
  
  49152:7wZEkRqxYYYGkMzgBss/g6hIOd9uZNMcC8CFyluyplN1vn:QEnxdHkMz8ss/g6hISuzvCFysyplN
Score

3^/10
behavioral11 behavioral12
- Target
  
  츨11.27ɫ/츨11.27ɫ/Lua.dll
- Size
  
  156KB
- MD5
  
  546696fc01d9c7c912da33a7ffecf21a
- SHA1
  
  46f3ac49346afd4e85db46ade697f536afd8bee6
- SHA256
  
  1b233ec23eccf5cc532e9f1349093ad7dc6b5d14973b1fb09251a21bf080e687
- SHA512
  
  7ac984e2d3e91a23a256c6e118d2e83c5049310e5877b436f65a82b4c0e744677ef12d945625eac72f210ad73617133dc10a64b23aa03fcc9513906167174089
- SSDEEP
  
  3072:kWxO4AOqXKN18lz1ajwgFxgi9bHb/fERierQ:kH/O+NlYBFxbnERVQ
Score

3^/10
behavioral13 behavioral14
- Target
  
  츨11.27ɫ/츨11.27ɫ/gom.dat
- Size
  
  900KB
- MD5
  
  f674e8892127fb6dee55c45f90bef80c
- SHA1
  
  07d02adfd68e17d0744a139a37f063ccf3acc660
- SHA256
  
  428133cfffb97d29571b38dd5eceefec586b35c1ec750717f4eadb3f9c49350d
- SHA512
  
  184619f238f96651f33c72aeb9d6024919ab100f4b2314add3ca56dcd30a885f1b1111c1ffd36f0398140abaad887f0519e4683115e0cabd54e9e3cd6c6152bd
- SSDEEP
  
  12288:bE4yngBeZp2Z3fubpeRIwgY49xOw9NHWoE1TEEtAPJBvMWt:bE43AZpO3fkplwf4rOWNHWoINB
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral15 behavioral16
- Target
  
  츨11.27ɫ/츨11.27ɫ/gom.dll
- Size
  
  1.4MB
- MD5
  
  5292dd08cc360231e91320d2599c5c8a
- SHA1
  
  caf0bd247c4c4d73854ba6c852ee97ce46cf4949
- SHA256
  
  0d08a63a51270608424655e58669b4e843062a18e8eb97b232401ff3bd3510c9
- SHA512
  
  ce86e3433d5857981419cf46b8bceae63570406938397acfc8f845eca99e89c654ec4d973a89b0d11a9c39ee1d9ebb5dbc33f906c89207970760c4223a781077
- SSDEEP
  
  24576:/3//MJCTzF2S9rfY3Lxn8EacxRabl+dbl3rw3nk6aju8Yovco4Jc2af:/3bF2S9rfY3Lx1XRSl+/E3Ku8Yov4Raf
Score

1^/10
behavioral17 behavioral18
- Target
  
  츨11.27ɫ/츨11.27ɫ/jx.dll
- Size
  
  652KB
- MD5
  
  4e1c140d96b8cd84cd378ae96b2f6b1e
- SHA1
  
  9441f2e1c20e5be9558ff36a8ca97659a8be230b
- SHA256
  
  c8bc513379447f5e18a19daf61c9c50189dc8f22bbdcd697ed1fa624cf89b193
- SHA512
  
  e6d69b2c5842fad80ad2e9d8013a5a474cc66eebebf30ca480bdd6a63737fff33cd87253089703df601f0801b422f657133a11c86a527bc986472aaf35fb1351
- SSDEEP
  
  12288:wKKfhCzb/8x2JDoLqhM4xv4YGqmDV37g+J:w5CPU21oLq24xArqmDV37bJ
Score

3^/10
behavioral19 behavioral20
- Target
  
  츨11.27ɫ/츨11.27ɫ/sky.dll
- Size
  
  2.3MB
- MD5
  
  4b3997a17c3c356b3c4a964059312ad3
- SHA1
  
  6b14988e49a58f48ced59248a41c17c9d6e1c3ef
- SHA256
  
  f06dfce697f6caabdd47e5acecd6a116f3fd9e238b2dc2f382077937e194aa7d
- SHA512
  
  7105816d6083681cdef6151fce90df2a6b922b5f32a65583006e7f2d3040d6c656e7e0b9d1274c8a5179d353d080fdbf44fb53688d645d71790bb86454d00908
- SSDEEP
  
  24576:QkwBweg/qAPbCGbB6NjGdcfibb9ee2Kw29v1oG36MJhBRBmhD9DVdNv6VzGaI+Hv:IMxUO5Ropdl+L4YexzxXG9
Score

1^/10
behavioral21 behavioral22
- Target
  
  츨11.27ɫ/츨11.27ɫ/ty.dat
- Size
  
  169KB
- MD5
  
  04ab3fe511b4a7465c57fc9e7aedcd3d
- SHA1
  
  f678150e525de20a58a2766d52846cc70ffcb622
- SHA256
  
  81f15689949e602c3413de07cd00d25baab313dc7a05d5fb05b7de04842a616d
- SHA512
  
  e4c5048c1ca4e4a355ff0c85932cb6e67c009f85b79189a0214026521a46744dd592cc3a83246c65a974dce67c570c2288be01150671ebc52ae9584bf10fc393
- SSDEEP
  
  3072:uP89l9/zuYu3PvTiqTsKfw6H2vPrzDlNM6FHpU9yP7X4kXq2GzT:cmlzmPvjGHvPn53dBX8p
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral23 behavioral24
- Target
  
  츨11.27ɫ/츨11.27ɫ/ty.dll
- Size
  
  372KB
- MD5
  
  6a6fcfdc2ad43d19e3299918a8845e84
- SHA1
  
  a66030d34e3357e00181241d48e8302a0a4e2098
- SHA256
  
  37e79983cde9c2f70fd73077dd7fafb944ec053f87976c6b33821b67001f0313
- SHA512
  
  495fb60dec4a65f7de72893049f46529f70bbb0eb852feab6c75f9998453413c1dc78b6779d3c55e9510ca40457c09b812b414edf4188e136f6f4ffd5c20b2e8
- SSDEEP
  
  6144:uz2R08dAbIs+orwFxCo0kNYXXGmo9TsrnpWh5G/ho0q4X/ieoNw4guSf629uCKPT:rRmIsgDOqOAyRGCVt/omrMc034jyXz02
Score

1^/10
behavioral25 behavioral26
- Target
  
  츨11.27ɫ/츨11.27ɫ/update.exe
- Size
  
  376KB
- MD5
  
  f2f3d6bc76550040e73748117d1f7043
- SHA1
  
  0afb48cca00c061a8d5c2f1c786de987517dd029
- SHA256
  
  b3f0b108f21183e10e5ec684a124144f51cc0b9c9363d030496ae18d8daee6e7
- SHA512
  
  96c82248a60510494f6fd0350ab350a8b69e41e9955bf4177aa0eaf85cfe06e87900ac75e958f642d7f36cf6bad903ca25b8c422310bbb648e9bb9a81d7982ad
- SSDEEP
  
  6144:LrIjtjvIP7C+Xx+eaKMKVt56pcRR5rhZFQGrsUwF7vlPoSv8cg:fQtcz9x+ziR5nWFpPoSJg
Score

8^/10

evasion trojan upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
behavioral27 behavioral28
- Target
  
  츨11.27ɫ/츨11.27ɫ/ws.dll
- Size
  
  596KB
- MD5
  
  93f0109f592e1cda54c6b3f788298e47
- SHA1
  
  8e2645971b4886983d3afa7b2523644b077522e0
- SHA256
  
  80a1e632892e5f1e11f1e1527e6523716b25f64024255e91e91a81f39223cb01
- SHA512
  
  f54d505395bda23208cdea578323b64723364186d5ddc03bce184f969a41660fa9b21cb1e4a54f42e5480a43bbfcbeb243322cf75e60f34ea1dce45b35e95e73
- SSDEEP
  
  12288:jW7e/hIRy1EbQ9K3V0Ix3GdlnQgIXfZ2FbAityQn:jW7e/hIRy+bd3VZelQg4QcCVn
Score

1^/10
behavioral29 behavioral30
- Target
  
  츨11.27ɫ/츨11.27ɫ/츨11.27ɫ.exe
- Size
  
  2.1MB
- MD5
  
  9e2c071739ec34477c6a1237f42c92b0
- SHA1
  
  486773f66d4f22f0ddf0101629d3a2f959b7994c
- SHA256
  
  46ecf2080f94e17075c9501c32d47c82cfa834a9da6835318df6276a99eaf711
- SHA512
  
  cd40461b30a173a81db25c50e8785c31f441ecea327baf85833a809e4d22836f36e48f62b9652599f2e5b96da7638b49e1a2562cd2b5173fa87a7826d3300a58
- SSDEEP
  
  49152:FR2oTddQuFyp6ano1RYsj4Eh5SLiXw9ftPcnmZD:FHQNp6FYskEhiIwtt0nmZ
Score

8^/10

upx vmprotect
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

VMProtect packed file

Suspicious use of NtSetInformationThreadHideFromDebugger

Writes to the Master Boot Record (MBR)

Suspicious use of NtSetInformationThreadHideFromDebugger

UPX packed file

Checks whether UAC is enabled

UPX packed file

VMProtect packed file

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32