blackmoon | d90cd579e5d990d15167cb85f288b85cd50af5e1b195ecbb0d9848b7e0abbbaf | Triage

Submit
Reports

Overview

overview

Static

static

3

W-p-s-X.6.4.exe

windows7-x64

W-p-s-X.6.4.exe

windows10-1703-x64

W-p-s-X.6.4.exe

windows10-2004-x64

Sharing

General

Target

W-p-s-X.6.4.exe
Size

103.4MB
Sample

230828-eg6z2shc8w
MD5

5fbe99e528572de675c72bfb3102584a
SHA1

0e04c5bb38a47cf0eca9120d7e8637c1114c83b2
SHA256

d90cd579e5d990d15167cb85f288b85cd50af5e1b195ecbb0d9848b7e0abbbaf
SHA512

b8faa21e4d6eacee27a4ca6eff0cbb4ea1dbe2250c7398d757fc7cf60d4d0764490253fc0ee68728e8bdaf0ca59b9bc6e7a48247d4560513e327bdd5e3a0cdfb
SSDEEP

3145728:whd03L6sBGn66jS6ZQJ5r4b9s0rhDbV1MdlKI2JFOhbA:8UDBG66jS6ST101nVckI2DOhbA

Score

10^/10

blackmoon gh0strat banker evasion rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

W-p-s-X.6.4.exe

Resource

win7-20230712-en

blackmoon gh0strat banker evasion rat trojan upx

windows7-x64

19 signatures

300 seconds

Behavioral task

behavioral2

Sample

W-p-s-X.6.4.exe

Resource

win10-20230703-en

blackmoon gh0strat banker evasion rat trojan upx

windows10-1703-x64

19 signatures

300 seconds

Behavioral task

behavioral3

Sample

W-p-s-X.6.4.exe

Resource

win10v2004-20230703-en

blackmoon gh0strat banker evasion rat trojan upx

windows10-2004-x64

19 signatures

300 seconds

Malware Config

Targets

- Target
  
  W-p-s-X.6.4.exe
- Size
  
  103.4MB
- MD5
  
  5fbe99e528572de675c72bfb3102584a
- SHA1
  
  0e04c5bb38a47cf0eca9120d7e8637c1114c83b2
- SHA256
  
  d90cd579e5d990d15167cb85f288b85cd50af5e1b195ecbb0d9848b7e0abbbaf
- SHA512
  
  b8faa21e4d6eacee27a4ca6eff0cbb4ea1dbe2250c7398d757fc7cf60d4d0764490253fc0ee68728e8bdaf0ca59b9bc6e7a48247d4560513e327bdd5e3a0cdfb
- SSDEEP
  
  3145728:whd03L6sBGn66jS6ZQJ5r4b9s0rhDbV1MdlKI2JFOhbA:8UDBG66jS6ST101nVckI2DOhbA
Score

10^/10

blackmoon gh0strat banker evasion rat trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoongh0stratbankerevasionrattrojanupx

behavioral2

blackmoongh0stratbankerevasionrattrojanupx

behavioral3

blackmoongh0stratbankerevasionrattrojanupx

© 2018-2024

Terms | Privacy