Resubmissions

  • 25-05-2024 18:15: 240525-wv5gtadb5s, score 10

  • 25-05-2024 17:58: 240525-wka58acf3x, score 7

  • 25-05-2024 17:53: 240525-wgaehsce2y, score 10

General

  • Target

    72c70d9be05436cec566889e324abc1f_JaffaCakes118

  • Size

    4.6MB

  • Sample

    240525-wgaehsce2y

  • MD5

    72c70d9be05436cec566889e324abc1f

  • SHA1

    370755c5c4ff6e22a0686cc9133915b5efc4be07

  • SHA256

    2a329aca11ad3ca4971d2451667f37785d349cd32a8f3f624aec20e9710d00e2

  • SHA512

    f335974fd3321476a6775e54af360a162c2f8d5f362cd6e81f123848d215cb873229e567fa0d0ffa80ccf718542b8d224b89f62969af7e38dd62a865f50756fb

  • SSDEEP

    98304:H3JoHx28G8JzGfbHpYkdVa43iOExEeQUsbvBzUfAWjQgbhuANvt:HeHQ8cblXSZEeQUodKbwAT

Malware Config

Targets

    • Target

      更多软件下载.url

    • Size

      219B

    • MD5

      122e953f3a92541c27cc62db2d9bb0f7

    • SHA1

      5c85d98b4bce0daac9631297ddb00b005161d131

    • SHA256

      5bf9390d32df4da5ddb91425fc5002768a85305964a8e0cb8eda391b4b6511dd

    • SHA512

      77240964186d2e9c9c73ed6bf13edccaeb40c0d8cbf477080c9a40a76d044964330e97421e4b45818bfbb2688e6bfaf6720a52f2efdd3b944f3624b1b5767583

    • Score

      1/10

    • Target

      筱瞬新强登免费1.0(自带辅助).exe

    • Size

      5.0MB

    • MD5

      d15e43c236b3c9a30be27ab1f058fff5

    • SHA1

      b0de019c5cd8e988c3cd641bd7524f94c5ecf47e

    • SHA256

      041a024bbeefcab9ecb8a0efef5070b9bed782aa4b17a12fb38456b0a6e0b839

    • SHA512

      38b3f6d1f890f030bf2319e69e301ac49ee648c716377efc7095f9109b96eb36cd4a4d984f3c4a24a1d682b98919866eea070444899a27090e21df14b700168d

    • SSDEEP

      98304:3wC3/lp1g8yW3nGVBl9CTQTXoUxkaruJJjb4KFx+9jNryrhRWoAvEeSkT5u6Xb+g:7vm8UBuyowk2ojb4USJyr+osRSkHtHhj

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry (T1112): 2

  • Discovery

    Query Registry (T1012): 3

    System Information Discovery (T1082): 3
