Overview

overview

10

Static

static

10

LH_0818_备用.exe

windows7-x64

10

LH_0818_备用.exe

windows10-2004-x64

10

LH_0818_正式.exe

windows7-x64

10

LH_0818_正式.exe

windows10-2004-x64

10

蓝屏修�...��.exe

windows7-x64

7

蓝屏修�...��.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    2a44e3e8ab7b948f5785be549f72ea9d783b5f9348f3f8403ad0f16418e3d133

  • Size

    117KB

  • Sample

    240821-ylntta1dql

  • MD5

    39523913b48356904969ec2c39bc3f50

  • SHA1

    7e751d90f168053acc44faab9cb596599e1c7b5f

  • SHA256

    2a44e3e8ab7b948f5785be549f72ea9d783b5f9348f3f8403ad0f16418e3d133

  • SHA512

    445487c99a4327bd1b95b80d281205aa0fc60d59ad4281b3462dc637aa95c725c90a8ccd78d6337b9f322c6b8efe4d01eb466c91e7b12414c454bcd3090ae4da

  • SSDEEP

    3072:GRzgvwFw126eRfHvYT+tWNwmpiMStm8Uo9IvQ+Nr6tf:GRzTe1jeRfU+8NwmQ5FYbNs

Score
10/10
blackmoonbankerdiscoverytrojanupx

Malware Config

Targets

    • Target

      LH_0818_备用.exe

    • Size

      57KB

    • MD5

      49ea36e91b075eb6c8959f74a029deff

    • SHA1

      c220cae57d676802540983fe7b1a28f53af63e2b

    • SHA256

      3ea51d2d8fa1c3a16cbc95a9420df057f8481ab4ab96ada9690dbc3704fa89b0

    • SHA512

      81f5b9c31eb89452ff25321d89317e308812bddb87070869a06b9e02a5831dc5d96c44088c534c8fa9e7e4e8265324c3c9086ae75cfd86deac1d69b0a451b8a2

    • SSDEEP

      1536:vLj0/cIGwryyl473eFbNRYcp/jZhvZEQ55oDGDKy:8/cZoyyy0bNR8tF

    Score
    10/10
    blackmoonbankerdiscoverytrojanupx

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      LH_0818_正式.exe

    • Size

      57KB

    • MD5

      a5c6197159ee8407366dadf2b2d525ce

    • SHA1

      3c0114e3829e4479822f9229729a69f427d9044d

    • SHA256

      8f97acce4ef601abb02825cc14e7af566c2c41a5adda18ce8b961064abad3a78

    • SHA512

      20db885e563730202db008917bd2e912d8f889852c4d5d8adb3390eb6c56ce5fc9f949464ea5e565f1341def91e1d15602c80c3f99786c03e9a057b37b78e4af

    • SSDEEP

      1536:iLrgWqf3ybs4Ex6JlrafvOboJR46yONCjEzYFvp9IYqu1ie:jWWyTE0AlJ2kl161

    Score
    10/10
    blackmoonbankerdiscoverytrojanupx

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

    • Target

      蓝屏修复(先运行我,在运行软件).exe

    • Size

      7KB

    • MD5

      bf8d9a251b57a55344d3c3946b0aba68

    • SHA1

      b98af487c32069d7a2da9a6c21360fa8085aec0c

    • SHA256

      ad9b8cfdf798d412f4ef8eb15767a00cad918244e483b2cc1b45e6391711a116

    • SHA512

      cafff203091e615b500b776039d4141f2feb989c50ac32a734a9c54031579c5c07fec87cef160fa951c4ffc147baafb75d07ef88e4b94173e1c45d51223b3e40

    • SSDEEP

      96:t2irou1bK1XMQwN5NRT+BA00Tk7i1uZ1hQtSRbgbJzEXAffzYfjXjpf/7fhnijzJ:txrouI1U5T+Bb0UVfhQtSdk3EJ7m3W1

    Score
    7/10
    discoveryupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks