blackmoon | 4351220d28072a0ddfdb51c16abf1a44988f0cf8a3e1a175ee1c35db7fcad0e0 | Triage

Submit
Reports

Overview

overview

Static

static

3

d7b947c8f4...ae.exe

windows7-x64

d7b947c8f4...ae.exe

windows10-2004-x64

d9c96b2b7c...45.exe

windows7-x64

d9c96b2b7c...45.exe

windows10-2004-x64

Sharing

General

Target

em1.zip
Size

263KB
Sample

240606-jwypfabf3z
MD5

2700b12bde4b74a62b726a86e26871b2
SHA1

4e7e14b4e93dd69c9edd84441b58e843f1898b1a
SHA256

4351220d28072a0ddfdb51c16abf1a44988f0cf8a3e1a175ee1c35db7fcad0e0
SHA512

c743f24456721f58f973f1cc2420ca5f746036ab4c3ed7e3d136f1e8257b360ceb6cec07c9b55b09775402cbfd12212b4da9ffef22087ee76c106f74d22ea715
SSDEEP

6144:fLGLXEE61wwM9h1FscTKaoUZ/UwAQ23AORKTAu4siAv/iSAPA:CTUwj/uWohwABmAuTvKM

Score

10^/10

blackmoon redline furga banker infostealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d7b947c8f4365722e24b430542fb015c86d7dafc180e300279e9742e4f6fe8ae.exe

Resource

win7-20240508-en

redline furga infostealer

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

d7b947c8f4365722e24b430542fb015c86d7dafc180e300279e9742e4f6fe8ae.exe

Resource

win10v2004-20240508-en

redline furga infostealer

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45.exe

Resource

win7-20240508-en

blackmoon banker trojan upx

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral4

Sample

d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45.exe

Resource

win10v2004-20240508-en

blackmoon banker trojan upx

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

furga

C2

83.97.73.128:19071

Attributes

auth_value
1b7af6db7a79a3475798fcf494818be7

Targets

- Target
  
  d7b947c8f4365722e24b430542fb015c86d7dafc180e300279e9742e4f6fe8ae
- Size
  
  402KB
- MD5
  
  d2d72ee4be8307cd762ed69797ded0fd
- SHA1
  
  be578c8677e04be3d31b82987afbdcf5cbbd4fc8
- SHA256
  
  d7b947c8f4365722e24b430542fb015c86d7dafc180e300279e9742e4f6fe8ae
- SHA512
  
  052dd0803fcdfd96b8671193f03279a5a62dedb8ff245fc4ac48c546fe533b7501e378b76520e85a6ca6bc0958568843729d45b818027b2d0a057d8e6b7a5935
- SSDEEP
  
  6144:kKEQMaOytRAv9YJGthuNEFoAO+RdTt82OqJ5tAu/YO93Io:kdQHO8RAv9YXmFt82O25tx/0
Score

10^/10

redline furga infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
behavioral1 behavioral2
- Target
  
  d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45
- Size
  
  86KB
- MD5
  
  7fff6d0a3cdbf7320ab4f7a378c92c85
- SHA1
  
  de363c54132e4276e51d6a15f95b9e157aa98592
- SHA256
  
  d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45
- SHA512
  
  cb3aef588e122b0da6efb4d3e730cd3b1a4967591919d25469e20ae8748991007531ed3bf24bb73adb73f6919ff8a6151056b116d46be3229bfa10f1faf89a3b
- SSDEEP
  
  1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73t6MlYqn+jMp9jXX8:ymb3NkkiQ3mdBjFo73tvn+Yp9jn8
Score

10^/10

blackmoon banker trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinefurgainfostealer

behavioral2

redlinefurgainfostealer

behavioral3

blackmoonbankertrojanupx

behavioral4

blackmoonbankertrojanupx

© 2018-2024

Terms | Privacy