Extracted

• • Target

    cf4ad6b7a2847cbfd2060d56490c6d830a650ae039d852993b71e9b65810161c

  • Size

    14.6MB

  • MD5

    8a83513d76f1bb8214d85aadffa1396c

  • SHA1

    dcc18ab1b88c612fe97b96ce4a599cfb585aca15

  • SHA256

    cf4ad6b7a2847cbfd2060d56490c6d830a650ae039d852993b71e9b65810161c

  • SHA512

    0b7f80e1575e1f01ba3cd9090930c7e679ac57b18d077dbcb881a0a491e79a9d5b0c3b906e6f55a89ca40cffb5bc012345fa57167dcb9a8d94d375596c545110

  • SSDEEP

    196608:WVS3Js0u+4HgYeWQeyO2LgeQcZY5EIcWcMECVpQuH5sm9D0qRVXKZWNE/EUCoR/j:olAKa14dcWVpQPu0qR2WNloR/LqyV

  Score

  10^/10

  blackmoongozibankerdiscoveryisfbtrojandefense_evasionupx

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon

  • Detect Blackmoon payload

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2