blackmoon | cd1d744dc39adf50bc17b587d203d5fce77995c4c51cc0438187dfc9eabbd948

Sharing

Copy URL

Twitter E-mail

General

Target

3X.zip
Size

263.8MB
Sample

230902-eryresbc44
MD5

03eccf997e83861eb757e7e80e951907
SHA1

e68a278f5381655e5928ee4dc5d90903f683ec2f
SHA256

cd1d744dc39adf50bc17b587d203d5fce77995c4c51cc0438187dfc9eabbd948
SHA512

79de56f906f63092ef156b9054f85b97ae5c6b2339ce1b84c6075e41f8a0758a9ba6c2bdfff6adb56fe72a7ca0c3e8b386d8d43185bfb8f15a2bc5647585088a
SSDEEP

6291456:smYy1MT3xsl4hVo8DnxXVDQQjyt++b1rdTguFk7BFJ:smYwMbxsSVoOnTti+AtNguFkBFJ

Score

10^/10

Malware Config

Targets

- Target
  
  TseFDup.msi
- Size
  
  58.0MB
- MD5
  
  e8e3c51ef44a0a264ccd99bb030fc6f0
- SHA1
  
  4ab03b01955a49eda038aacf54fd293f9cf1b176
- SHA256
  
  52abefced6db7a813b8890fe315e7375b65d096ebc25eeb2a573c2ccb99fa217
- SHA512
  
  af25f1bad6a3af735c787367392da251c9a3c054b7fc24fe859de1afa81bac074b469f0b4081869bdff0c3f8464ee6c41dea8a20a83640a721d64a9501c445c1
- SSDEEP
  
  1572864:Z1fOC74Fczd0leo69+omjTKahIfCCAWmyEt57UyUxbsCSV:Z1fa4+YXtIKC5EDyUth
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2 behavioral3
- Target
  
  desk-zhonwenbao4.9.msi
- Size
  
  90.9MB
- MD5
  
  9cee7423f1bd5d64559c49689a18c06b
- SHA1
  
  5a75b69d2e66fc679c123d60a12712566246904a
- SHA256
  
  296608771a852e2e95f8fbd3f1990e671a9b7d44f84470335f262ff9b14b7d1c
- SHA512
  
  4e0da5e6fe0205d065cd3eeb9d5e2fb644177d65c273f447686b51d614b5c89a0c435b2ae2698d2a8e2aba5838dc576e5fb2cceb7d44aeea959d9e9369ed6f00
- SSDEEP
  
  1572864:3S8hXhuaZPB/j+Q4FAXaG/25Zwd7zZ2r+qriUeB6SXJObHXEq0bT7MbC3IA64Fy1:2aORGqR5ORqrUB7kbon7MbC3z6MbK
Score

10^/10

evasion trojan upx
- UAC bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral4 behavioral5 behavioral6
- Target
  
  py-hzz.msi
- Size
  
  118.5MB
- MD5
  
  647864bf491144519120e6aef0ccee2b
- SHA1
  
  aa0f4f5ae485cc31c80d1241442bd07710db353e
- SHA256
  
  1e87ebcf8bf36d40079573ee61efb7f4e7f70b46c85ca1888899490b4be5f98d
- SHA512
  
  12bdbed6a35d0c22e3266f1356ad8261d66d539be4e344084aeb7a3d05d438081ffd328ba6da9028f745b17e50af96b27e80ebc7cec2969acda308657c7019c1
- SSDEEP
  
  3145728:n92fD6MoAr3Z1q3oeZJDN/Mfm1eoT1Fl0f5yQBtmpX4:gfD6Moc3a3oeZnMGBRsdtmR
Score

10^/10

blackmoon banker trojan
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral7 behavioral8 behavioral9