Overview

overview

10

Static

static

1

大航全�...API.db

windows10-1703-x64

3

大航全�...API.db

windows7-x64

3

大航全�...API.db

windows10-2004-x64

3

大航全�...��.exe

windows10-1703-x64

10

大航全�...��.exe

windows7-x64

10

大航全�...��.exe

windows10-2004-x64

10

大航科�...API.db

windows10-1703-x64

3

大航科�...API.db

windows7-x64

3

大航科�...API.db

windows10-2004-x64

3

大航科�...��.exe

windows10-1703-x64

10

大航科�...��.exe

windows7-x64

10

大航科�...��.exe

windows10-2004-x64

10

Resubmissions

16-04-2023 17:34

230416-v5hkcsce3x 10

16-04-2023 17:26

230416-vzvbzaag27 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    新建文件夹.7z

  • Size

    5.5MB

  • Sample

    230416-v5hkcsce3x

  • MD5

    8fc853b1ff254bb812c0e935a19b5a87

  • SHA1

    ae34cfa18a0670036d892fced6ba542068e13c04

  • SHA256

    c7a6d9c03343f882bf58d13a6a79db731c6eedabe67cb4a78d08e66b4971498a

  • SHA512

    66a7e4c1718d5c8ada907b2ff21f18d5913a98672669640bef338af2a69ce7a4c3f6119453653c1504a715849ab7ae20e39bb49ed3f78c8c33738c4b0029a578

  • SSDEEP

    98304:XGb/MMNfz3ddmsZh+9kzERDpjTEJN0ntJUFFDkH+yIO8Q4A9nj5Do1ubgd7LTfU1:XGY8Lt5UTED0tmFD3yIOqAY1uUZTfUJ7

Score
10/10
blackmoonbankertrojanupx

Malware Config

Targets

    • Target

      大航全球实体卡-虚拟卡接码电脑端口/X64/DIFXAPI.db

    • Size

      10.0MB

    • MD5

      216d9df008dd6f1d3df83fce613524f6

    • SHA1

      3b5f566334d588add84a0c7983187bccfbbf5aa7

    • SHA256

      86be4940c2fc18eda11fa860c815eddcf98689aea446814127622bd47abec547

    • SHA512

      bab7288b6a3740fe14cfd8e325fa78528f2288e87b08e60bf88f0753f99b6ffa4663933718e176b2549f371dfd85735424146d4b751d065324d1ff6dc8e9061c

    • SSDEEP

      98304:27mUa6pMlGs+XMdFtDkHYOToHYOTFHYKHY6HYpwaLsyJ95xJm1hEVT4eNTigdGWO:EmVfcMv1iwaQQxJlTENIJranuf2jZ

    Score
    3/10
    behavioral1behavioral2behavioral3

    • Target

      大航全球实体卡-虚拟卡接码电脑端口/大航全球实体卡-虚拟卡接码电脑端口.exe

    • Size

      2.6MB

    • MD5

      9f339063dbe562051732472b0f73c12d

    • SHA1

      2ac2940992ad9cee88092e18566c82f6b6c114b1

    • SHA256

      7955c98c1bd693e24c92833f2186d58dd0c5fad231a8f27572bac5aeb2793674

    • SHA512

      06d44b0cdc4b62536a61d4cae7e9b96a435e13907890b1b423d64e9b2c68cf6dd342eefa3af1601018508353c837d35d2a28f1d29306f990b32367f63e09c7ab

    • SSDEEP

      49152:MC8ie3CGb7SCEns4SdqyTZ0Z3dMZG0+RQnwyiAKP1HrlF0OS20wlR+BkpT:e3+P2wyiAA0OSylRMkp

    Score
    10/10
    blackmoonbankertrojanupx

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • Detects any file with a triage score of 10

      This file has been assigned a triage score of 10, indicating a high likelihood of malicious behavior.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral4behavioral5behavioral6

    • Target

      大航科技全球实体卡-虚拟卡接码PC端口/X64/DIFXAPI.db

    • Size

      10.0MB

    • MD5

      216d9df008dd6f1d3df83fce613524f6

    • SHA1

      3b5f566334d588add84a0c7983187bccfbbf5aa7

    • SHA256

      86be4940c2fc18eda11fa860c815eddcf98689aea446814127622bd47abec547

    • SHA512

      bab7288b6a3740fe14cfd8e325fa78528f2288e87b08e60bf88f0753f99b6ffa4663933718e176b2549f371dfd85735424146d4b751d065324d1ff6dc8e9061c

    • SSDEEP

      98304:27mUa6pMlGs+XMdFtDkHYOToHYOTFHYKHY6HYpwaLsyJ95xJm1hEVT4eNTigdGWO:EmVfcMv1iwaQQxJlTENIJranuf2jZ

    Score
    3/10
    behavioral7behavioral8behavioral9

    • Target

      大航科技全球实体卡-虚拟卡接码PC端口/大航科技全球实体卡-虚拟卡接码PC端口.exe

    • Size

      2.6MB

    • MD5

      9f339063dbe562051732472b0f73c12d

    • SHA1

      2ac2940992ad9cee88092e18566c82f6b6c114b1

    • SHA256

      7955c98c1bd693e24c92833f2186d58dd0c5fad231a8f27572bac5aeb2793674

    • SHA512

      06d44b0cdc4b62536a61d4cae7e9b96a435e13907890b1b423d64e9b2c68cf6dd342eefa3af1601018508353c837d35d2a28f1d29306f990b32367f63e09c7ab

    • SSDEEP

      49152:MC8ie3CGb7SCEns4SdqyTZ0Z3dMZG0+RQnwyiAKP1HrlF0OS20wlR+BkpT:e3+P2wyiAA0OSylRMkp

    Score
    10/10
    blackmoonbankertrojanupx

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral10behavioral11behavioral12

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks