blackmoon | 5157d47a30bab9bf0395e69f35ead5f6dafe0d10a9d1c6095e87fbc4c0ed50f5 | Triage

Submit
Reports

Overview

overview

Static

static

SkinH_EL.dll

windows7-x64

7

SkinH_EL.dll

windows10-2004-x64

7

skinh.exe

windows7-x64

7

skinh.exe

windows10-2004-x64

7

民间偏�...12.exe

windows7-x64

8

民间偏�...12.exe

windows10-2004-x64

8

河源下�...cn.url

windows7-x64

1

河源下�...cn.url

windows10-2004-x64

1

淘宝热卖.url

windows7-x64

1

淘宝热卖.url

windows10-2004-x64

1

Sharing

General

Target

adc6b847b8fd2d60928cd932055ff78e_JaffaCakes118
Size

7.0MB
Sample

240615-lh1yrawamg
MD5

adc6b847b8fd2d60928cd932055ff78e
SHA1

f559ba6de2813a80e0f15e205cc18ecb0ae5e4ff
SHA256

5157d47a30bab9bf0395e69f35ead5f6dafe0d10a9d1c6095e87fbc4c0ed50f5
SHA512

ddf390d896ce8b4e79732875234ed1d5348a35d80b5a0c4c9a146da8d48fd01d33122005e148ee6616a435ae2648ff52efe3b5581f1e31e579d1f33fc57e78d9
SSDEEP

196608:laZOpvNNWueR9r37YqJe9WByAm6xGxKWoKZM:lH2nDcV9WByJ76

Score

10^/10

blackmoon persistence upx

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

SkinH_EL.dll

Resource

win7-20240221-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

SkinH_EL.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

skinh.exe

Resource

win7-20240221-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral4

Sample

skinh.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral5

Sample

民间偏方查询系统v2012.exe

Resource

win7-20240221-en

persistence upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral6

Sample

民间偏方查询系统v2012.exe

Resource

win10v2004-20240508-en

persistence upx

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral7

Sample

河源下载站-cngr.cn.url

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

河源下载站-cngr.cn.url

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

淘宝热卖.url

Resource

win7-20240611-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

淘宝热卖.url

Resource

win10v2004-20240611-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  SkinH_EL.dll
- Size
  
  92KB
- MD5
  
  ae820a1f98036c10f496d36f81ffaabe
- SHA1
  
  204dd155d611ebabe576fe5bac347564ce1962c0
- SHA256
  
  a66fe38569509859837deb6481deb3f2af8e2de1bdf63f1ce2719f693dcd1ed1
- SHA512
  
  7f66137b5c30cf766118c2dfcb53fff53ecd346229bfc148ef6b8548c2e5e8fdda2eb84d29468c89b01a8f8214fba445aec8feb6bfbc522faf361782c08f71f6
- SSDEEP
  
  1536:7fAR8VYisvvWWqaiPFGXcI/F5qBovN7m7Vs5R+qp5LefUpWX51EEtpa1JRww1cvb:7fxqNmWqaiAZSovdc7qHXpWX5XahjcvP
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  skinh.dll
- Size
  
  1.8MB
- MD5
  
  5300794ae1fe8cc6887c773ea265a33a
- SHA1
  
  eb047849d0dd9e851358351a957ef5a3fde28453
- SHA256
  
  448df9612c307bced9e5bc6d55e00e80c9725a9c779909867287b502c5ee1b20
- SHA512
  
  54ec202673ac876837c01a4ea64f25d2c23159a744b3336284fdae6c44379f9056085db2c6b3de7cc928ff0817bc90a128744af1f3e689e7d163de29a378e666
- SSDEEP
  
  49152:chDFXXEgqFcXuO0Yy8BN6qq4KTr5ZwhWILOewn:2d0zgN6qq4KTr/eU
Score

7^/10

upx
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  民间偏方查询系统v2012.exe
- Size
  
  60.3MB
- MD5
  
  969400d89a896e022c750a8e3070895d
- SHA1
  
  8eba99227b817fbe868854d3bb360ff3ed7822f0
- SHA256
  
  169a5a6c347a61a4ac8c0f2bb3c3e5b4196861d84cb3e9abbdbc42690989f038
- SHA512
  
  a667bda7195f78ba61259518e56120b30a49af84aea5ab52d3f81e257c86da85e9ac2145e3f552ea1309ec29e4e139cdf6288f4967e08f51dfcfb4f384a1c16b
- SSDEEP
  
  24576:RjPJbJv7sOcAbPI8iVFPTKQh4Owrn2kyFcwQoJ:RxJzv7cKRrvyFdJ
Score

8^/10

persistence upx
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  河源下载站-cngr.cn.url
- Size
  
  110B
- MD5
  
  87d5540eb47b60f225cc6d5e9ec5d3b5
- SHA1
  
  bb87c8cd2721eed95ed96cfed3c23a71dd636743
- SHA256
  
  7503e8e9530726e8934149fb2afc1a9638d8a4727cc05c6bed1c1b1539dc43fa
- SHA512
  
  ed81acc65c042f99ed20b511a755606e13619ddbd7e05125ecbcf5342ac9239329184d8b1b45d47ee4fc0ef4c62e06b2bd806b73f0f5c852173798e76d23a951
Score

1^/10
behavioral7 behavioral8
- Target
  
  淘宝热卖.url
- Size
  
  384B
- MD5
  
  959444600790e569e917523917654610
- SHA1
  
  bf62acd4e2059dcdf7dbe9b1c343a436212ff784
- SHA256
  
  3f5d98f266fa246282bbda9fbe2872e1a6c28452a14bb3b2fa80b8498ceb9f93
- SHA512
  
  982c307aaa05bac10e079e4bc59aec4adc64f5c48a70dd67d57379e7e4e36af63e77450d55a1c895dc9dc26601cc1e9f11353378d2151f6486f480cdf6f0a9b7
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

© 2018-2024

Terms | Privacy