blackmoon | e67a5de2a37a1f551b43856378beaf2b9dacf18947004c63fe5c3c077765b8d1

General

Target

xiaodaxzqxia.zip
Size

2.1MB
Sample

230703-c5hagsed83
MD5

1d3110000dd1eabc49ad856a6ff2628c
SHA1

30d606b55445fce9e2db5151754524a8b6eb3409
SHA256

e67a5de2a37a1f551b43856378beaf2b9dacf18947004c63fe5c3c077765b8d1
SHA512

b67771c5338dd2537ef10c57532fc394d9f1863806239d6d7d9407ac46829f4ca7c74aa6f8c46958e191572bdc56f20e6d62e69f483526f620e0f4ba084aea48
SSDEEP

49152:9ud2AjGIf24SkT6BCotc2l14Qbi52AO2IaMR1VIu4BR7rex8HcP:922QGIu4Sk2Cotc04r2AOB1VIu4Bk

Score

10^/10

Malware Config

Targets

- Target
  
  libcrypto-3.dll
- Size
  
  102.3MB
- MD5
  
  4bcb44a845417cafc7d9b26fe931ac3a
- SHA1
  
  d47e4b9d732585e28ce229f7ef9bdd941fabea6e
- SHA256
  
  dc5c197f147eeb7dc774653b80b1fc13a0bc1221eb0e942621bd1631ca2d0573
- SHA512
  
  5a6e0a75ff7546a2f51c2dc57eb1dc18514439037d05d7f078a22793b4972d09aa3e77eef9edd17850671bcbb1359b8bf8ffd55d7765db20dd8ddde9d4d852eb
- SSDEEP
  
  24576:7Yqgr+TBzrabXb8zsMbQrjQzeBa3q0LZdU0B9IwiPr6VoVVD83HNUJyPiOKLA:7ztzsM5n62U0BG76VoPuHNMy6
Score

10^/10

blackmoon gh0strat banker rat trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  saxbn.exe
- Size
  
  1.7MB
- MD5
  
  af7aac457eaefe1c228937403b933251
- SHA1
  
  166cbb657538ad45778dc77b9ae2b70eb961038b
- SHA256
  
  24411c2364855dfecc955f5ce2081d2ba9af1cb108eef97963b3c8a91ff288b8
- SHA512
  
  9b77d0605b3d4e0b79fc7ad01f7873e04c1331e438f20960fb18d51f4063ecb1c4df2d739e7731d78f2f5c89555e0135db65429baebc03a0144fc756f8410f8c
- SSDEEP
  
  49152:1Z6ZbaHcYz5aAVKiw6ZWqTG93jJ3hWpVc5:1g3Yz5J/693km
Score

10^/10

blackmoon gh0strat banker rat trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Blackmoon, KrBanker

Detect Blackmoon payload

Gh0st RAT payload

Gh0strat

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Suspicious use of SetThreadContext

Blackmoon, KrBanker

Detect Blackmoon payload

Gh0st RAT payload

Gh0strat

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4