blackmoon | e2ed151644751857642731ecc083e483a0c5b21a5abd02eba99635b34797978e | Triage

Submit
Reports

Overview

overview

Static

static

小林子�...��.url

windows7-x64

1

小林子�...��.url

windows10-2004-x64

1

逆战济�...��.exe

windows7-x64

逆战济�...��.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

9f3d2522374889dffd8801b59b2cb19a_JaffaCakes118
Size

1.6MB
Sample

240611-xr4xjsxgkh
MD5

9f3d2522374889dffd8801b59b2cb19a
SHA1

9517d3e2ce774a0bd31ee00886d606f986b0e1b3
SHA256

e2ed151644751857642731ecc083e483a0c5b21a5abd02eba99635b34797978e
SHA512

b4c3ce8d0028c19d51ac465300de5c655c5692ac59b05e7eb1d98adea184a872604ccbf618b89f0a72194944a79158f2d0e13e37ad0787443a2eaa1d9990fc1b
SSDEEP

24576:Gn91Vx1gUqG6XwluLA8j2WNiRSSSkNqBlvwHWAY90WfQ98ztLF0y5haC9qHLzaXq:arqG6Xp2Wk03kewHWjE4LF3UhHLzaamq

Score

10^/10

blackmoon banker trojan upx vmprotect

Static task

static1

vmprotect blackmoon

4 signatures

Behavioral task

behavioral1

Sample

小林子下载站.url

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

小林子下载站.url

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

逆战济公收费版1.4版本/逆战济公收费版1.4版本.exe

Resource

win7-20240220-en

blackmoon banker trojan upx vmprotect

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral4

Sample

逆战济公收费版1.4版本/逆战济公收费版1.4版本.exe

Resource

win10v2004-20240426-en

blackmoon banker trojan upx vmprotect

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  小林子下载站.url
- Size
  
  210B
- MD5
  
  4e9af31486132c10da5bdb701fdb556e
- SHA1
  
  fb77280de1e50f13ad2858c3bdb0ae9113298425
- SHA256
  
  2c2c06ca3dcafe805ccc81a84ca70ecd42266bab02101bbe2c7b19ca77612f56
- SHA512
  
  47a7966064d40dcb6fc2299f9dfa3956e035a6a87d27b28e49a9821a13fc5765b1281a0ef12066e6163650806800d9eba0a42b139af8f545b01a0d92359818e5
Score

1^/10
behavioral1 behavioral2
- Target
  
  逆战济公收费版1.4版本/逆战济公收费版1.4版本.exe
- Size
  
  2.8MB
- MD5
  
  858ad959b21b0b1b8d7a8bcc2f2597b4
- SHA1
  
  262bbdacaff5c17c79b1f88b6752003fe96b8f8b
- SHA256
  
  2886e4bf3dee35ae909efa7f1d1e1ddd8be63aeee2440ac9118180aa9a31f58c
- SHA512
  
  8a06afd2ee18731da70092b62bab095f15e25a09091544e7d7a46bba1b27dfd632128795550be777ba17fad97ecaae3072fbca5d10045720cb2b954ae1b4330a
- SSDEEP
  
  49152:akNHmhAAu2in4utxjjNvvJgm3cYM0P0MGc0gf9Aux96a9AIr43TyHbAm8+X0:ejin4utxjBvvJgbgnFGIr4j8Um
Score

10^/10

blackmoon banker trojan upx vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

vmprotectblackmoon

behavioral1

behavioral2

behavioral3

blackmoonbankertrojanupxvmprotect

behavioral4

blackmoonbankertrojanupxvmprotect

© 2018-2025

Terms | Privacy