blackmoon | d18b1b9472e9adad52cdf260422fa4886307f41a4d20ed691f4c11bc375c9022 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

53b2739b338d74dbcd47af5ae965fb46
Size

928KB
Sample

231226-ey2rnachbl
MD5

53b2739b338d74dbcd47af5ae965fb46
SHA1

d09479f38fca525d356466599228cf0662616493
SHA256

d18b1b9472e9adad52cdf260422fa4886307f41a4d20ed691f4c11bc375c9022
SHA512

113afefef24dec012b1db26cb23901f4c1f9e4fa78ab7fd995f6df5535f1030501e32019960298fb64866f3f68890b78dd5ae47f11b608131ff3e5e6f58a9f32
SSDEEP

24576:44GDpvBZSbtx+6dEUSmpUmITPKKldb3HE0Z:444dWbrBEZmpUBKKldb3FZ

Score

10^/10

blackmoon persistence upx

Malware Config

Targets

- Target
  
  反p2p终结者2012 增强绿色版/PC6官方下载.url
- Size
  
  111B
- MD5
  
  57dce0346fe9213ab42359d8795e5ff4
- SHA1
  
  ed3c2fe149f0fcee84211768631c00f9f6d09ed6
- SHA256
  
  601dc2749dd778da6caae50757007c5848436c4943c5e9e05e81d3ad5c89a21b
- SHA512
  
  a1ed76ee3aba5152bc7283042545c596a0ef3d390f0326324ddad071b19db23ee4b9f5006f2a7cd16c57098d9b6000c91d6f9fd495de2b40ded657dc4bcaa817
Score

1^/10
behavioral1 behavioral2
- Target
  
  反p2p终结者2012 增强绿色版/WinPcap_3_0.exe
- Size
  
  430KB
- MD5
  
  11e090da8cd414bd0267e40beae86f5b
- SHA1
  
  314a0a2a6b51b63909b65bcad9a7079f9b0d51a4
- SHA256
  
  6ffb9b3a8c9e557462d8098e4cd9bff9272c28f3b5e802ee3f864dfb3b086253
- SHA512
  
  380e79786983361d6531ca0b20e4618fed46a78692a576c4954807280dfcc183d5f908463d08ec561b7ab4ac261697ccb393b2609e9ff13b96aeb3102c8c6f79
- SSDEEP
  
  12288:CELJjxO3OxGxlaTEQCHDGmcSQBhmHEuhre2Sb:BL9IexGxsYQCCmcSQqkuAB
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  反p2p终结者2012 增强绿色版/反p2p终结者2012增强版.exe
- Size
  
  62.6MB
- MD5
  
  5e6b1c5a450caebbc8a8e9cbd3f37723
- SHA1
  
  fe86b4566340b18fb61c4e6e89c8be94ec6fff00
- SHA256
  
  f73b0f38bd675deb45bdf2e0f15cf8b5729d5ef1f1c872da520f282ef3412170
- SHA512
  
  7a50a07004e48fe109aad99facaaa295aece2453db759d5ad5887e988693ebbca8e268a1aa53efa7259ffeea8574a6f926f8f87eef12273cd0182df2c8d5cb04
- SSDEEP
  
  24576:tXvrMJvSqd8nqX9vH84VT7YLlbDPU16duTPTKWJ/wQ0e:tYJKLnKCDPU8c7KWJE
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6