blackmoon | dccf3c22b188bf647e9bc03f61275314bfc185c2520b38a683bf1566e484e993 | Triage

Submit
Reports

Overview

overview

Static

static

3

大航全�...��.rar

windows7-x64

3

大航全�...��.rar

windows10-2004-x64

3

D1.exe

windows7-x64

D1.exe

windows10-2004-x64

X64/DIFXAPI.db

windows7-x64

3

X64/DIFXAPI.db

windows10-2004-x64

3

Sharing

General

Target

大航全球实体卡-虚拟接码PC端口.rar
Size

5.5MB
Sample

230505-vc48nadd9y
MD5

6085cdcf6f31e7fccb6202a305dd75b5
SHA1

62a6e69cfff4a44db8c24a91de16e457e0318721
SHA256

dccf3c22b188bf647e9bc03f61275314bfc185c2520b38a683bf1566e484e993
SHA512

5728044db4b6e7194b622c4fc841cdcfa60e68fe4e6302d61adfbf08b51e823824420c8ba9b390a14b1b7f89264726019ec27adca7ee23b559534e8ee4bdbe42
SSDEEP

98304:0nEMBLpvd4ppNwRr9u0l2C0SxJlBzJAzCuBQ3r4rOJWESAapE7edhwvTFbUinL8W:vMXvdmio0l0Sx3AzZB+QOJ0XnCBU88P+

Score

10^/10

blackmoon banker trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

大航全球实体卡-虚拟接码PC端口.rar

Resource

win7-20230220-en

windows7-x64

8 signatures

300 seconds

Behavioral task

behavioral2

Sample

大航全球实体卡-虚拟接码PC端口.rar

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

300 seconds

Behavioral task

behavioral3

Sample

D1.exe

Resource

win7-20230220-en

blackmoon banker trojan upx

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral4

Sample

D1.exe

Resource

win10v2004-20230220-en

blackmoon banker trojan upx

windows10-2004-x64

10 signatures

300 seconds

Behavioral task

behavioral5

Sample

X64/DIFXAPI.db

Resource

win7-20230220-en

windows7-x64

1 signatures

300 seconds

Behavioral task

behavioral6

Sample

X64/DIFXAPI.db

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

300 seconds

Malware Config

Targets

- Target
  
  大航全球实体卡-虚拟接码PC端口.rar
- Size
  
  5.5MB
- MD5
  
  6085cdcf6f31e7fccb6202a305dd75b5
- SHA1
  
  62a6e69cfff4a44db8c24a91de16e457e0318721
- SHA256
  
  dccf3c22b188bf647e9bc03f61275314bfc185c2520b38a683bf1566e484e993
- SHA512
  
  5728044db4b6e7194b622c4fc841cdcfa60e68fe4e6302d61adfbf08b51e823824420c8ba9b390a14b1b7f89264726019ec27adca7ee23b559534e8ee4bdbe42
- SSDEEP
  
  98304:0nEMBLpvd4ppNwRr9u0l2C0SxJlBzJAzCuBQ3r4rOJWESAapE7edhwvTFbUinL8W:vMXvdmio0l0Sx3AzZB+QOJ0XnCBU88P+
Score

3^/10
behavioral1 behavioral2
- Target
  
  D1.exe
- Size
  
  2.6MB
- MD5
  
  9f339063dbe562051732472b0f73c12d
- SHA1
  
  2ac2940992ad9cee88092e18566c82f6b6c114b1
- SHA256
  
  7955c98c1bd693e24c92833f2186d58dd0c5fad231a8f27572bac5aeb2793674
- SHA512
  
  06d44b0cdc4b62536a61d4cae7e9b96a435e13907890b1b423d64e9b2c68cf6dd342eefa3af1601018508353c837d35d2a28f1d29306f990b32367f63e09c7ab
- SSDEEP
  
  49152:MC8ie3CGb7SCEns4SdqyTZ0Z3dMZG0+RQnwyiAKP1HrlF0OS20wlR+BkpT:e3+P2wyiAA0OSylRMkp
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  X64/DIFXAPI.db
- Size
  
  10.0MB
- MD5
  
  216d9df008dd6f1d3df83fce613524f6
- SHA1
  
  3b5f566334d588add84a0c7983187bccfbbf5aa7
- SHA256
  
  86be4940c2fc18eda11fa860c815eddcf98689aea446814127622bd47abec547
- SHA512
  
  bab7288b6a3740fe14cfd8e325fa78528f2288e87b08e60bf88f0753f99b6ffa4663933718e176b2549f371dfd85735424146d4b751d065324d1ff6dc8e9061c
- SSDEEP
  
  98304:27mUa6pMlGs+XMdFtDkHYOToHYOTFHYKHY6HYpwaLsyJ95xJm1hEVT4eNTigdGWO:EmVfcMv1iwaQQxJlTENIJranuf2jZ
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

blackmoonbankertrojanupx

behavioral4

blackmoonbankertrojanupx

behavioral5

behavioral6

© 2018-2024

Terms | Privacy