blackmoon | 3a2576374b78295aaa2b2af46e3e78bcf9f74784c3e2759f1c94b12de81b61e1 | Triage

Sharing

General

Target

3a2576374b78295aaa2b2af46e3e78bcf9f74784c3e2759f1c94b12de81b61e1
Size

8.4MB
Sample

240909-zl3hms1fkd
MD5

35eb63082239f24fa56c425f15ec1c2c
SHA1

ce56fdf3fd0c9dc85a4a162312e91f106891fdfd
SHA256

3a2576374b78295aaa2b2af46e3e78bcf9f74784c3e2759f1c94b12de81b61e1
SHA512

e183ea2dece61b1bdb916464ec67689da1325e000ca49b806c5dc0d43c9e4481f405becd2edbc93654d99d9987eb4bbc8bcb819d39b6457c641fcb86c4780307
SSDEEP

196608:3pt9VWIZAnGkibqxKRwS7k7BX2WEwc3APEfkofUofj0uPO:3f9MItkibtWywc3f7BO

Score

10^/10

blackmoon discovery

Malware Config

Targets

- Target
  
  RPA截流大师红薯一键克隆/HPSocket4C_.dll
- Size
  
  2.8MB
- MD5
  
  1cf6b966365f29d060154fa5eb5c7f72
- SHA1
  
  bb110d37a96878c8c024a450d0b09cc28ef03cf0
- SHA256
  
  0e11b955048104466ed8d86db346628c1b30118ae116fa0428b0c34f486d8cf3
- SHA512
  
  6bc266813f4518f1b5e958c047972072d6d43996add9587b3c3b7ac64e2406784a2240cc9b815f29208b9b3ef77e0b647a1201ef39aab10eb3bec297294d2dad
- SSDEEP
  
  49152:Xq1RHWr0AZYw7BC/5Xn1O/C/0QqO8CVMGZ/FXGp8YYIwSX:Xq+ew7wXnc/YXVMGzpYY
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  RPA截流大师红薯一键克隆/RPA截流大师红薯一键克隆.exe
- Size
  
  3.6MB
- MD5
  
  0b350f344a2529eb4abd9e245b2e86f9
- SHA1
  
  01019a6076fe3c1dd76897a02b901a37370740f9
- SHA256
  
  6b1be01df6ceb489b3ae296df8313367f3a5c414684450d235c356f4df8a00bd
- SHA512
  
  36ec86ec138efe30ef0c3e98515b1e9c5d93f1e8093ca831e5d96723328e00c4231c70e7e172436b22d8ef98fc4a11bdbc0c08c9a268cbadb472c9395efc0d09
- SSDEEP
  
  49152:XYTdw6Q9ek1KV7lb5PGuF2yWsU80+NP5cKAXeDwLjcB1ORiOKEB8xtKc1oBreLvz:oTW6yFKVJbj2/KjSzHg1OcOL80kHbYE
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  RPA截流大师红薯一键克隆/Temp.dat
- Size
  
  3.7MB
- MD5
  
  73b7be415c37e381a8c61f1e55a884a4
- SHA1
  
  1cd8eb77e9dd04835342a7253181892638359956
- SHA256
  
  4a5da7639f04d6e5b13856877140e4bce5346cea037187c45cab045844114872
- SHA512
  
  51c33a753def581a8f99e063b3952f8f6fcc1c5b736b77455c1f711da8deca19e976a94424982013941d138367b8327df8e6c6752f4a2bb574b706408905d234
- SSDEEP
  
  98304:ah88IjKp7BPOxad+N5c76EOUG00bfCU2gpNk/bEgNULb06q:ah88IjSVGxoYHEJGxjCQk/bF+Lrq
Score

5^/10

discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  RPA截流大师红薯一键克隆/libwebp.dll
- Size
  
  480KB
- MD5
  
  1e8f59c53d4437d1e841a769acbd9637
- SHA1
  
  5510d5ef6726f12fbc9d8e487766b901cd71f0c4
- SHA256
  
  253e2ea285f9662694f617617250ac261099f621bee75ba7c8403a8058ea801b
- SHA512
  
  731a654b75b89b3997d2b1d1fab9105d5b460e7ddb3d78723e5ae0835b51c059b7d2f373e6150f1a10b57876e927e76c294b14b88076c45e2671f61dcdfd5475
- SSDEEP
  
  12288:WldHS+Cp7u326sy68gNEhomCnhydt3s0HcbuSlhZP:YHS+Cp7u326sy5t21aVH
Score

3^/10

discovery
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8