blackmoon | 61f86ffa3c979fcbe92708869f287e8ddafdf849b5c1e6a1ab4457c0671ebbbd | Triage

Submit
Reports

Overview

overview

Static

static

61f86ffa3c...bd.exe

windows7-x64

8

61f86ffa3c...bd.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

61f86ffa3c979fcbe92708869f287e8ddafdf849b5c1e6a1ab4457c0671ebbbd
Size

7.8MB
Sample

241009-qdsh2aveqj
MD5

a8552c7376b5bd5ebb98d0c2e8671e1a
SHA1

73902a9c6225b7933b5ffc4d5a2aca63aa424fde
SHA256

61f86ffa3c979fcbe92708869f287e8ddafdf849b5c1e6a1ab4457c0671ebbbd
SHA512

34688bab5fd32cf4e505cc79b7108bbd8ee6281c16417b1eda14a543f59561f2aef33bbdbafc69d5ccf556c6574b61bdb5db5cbe86b8f0646277b4f3dd286465
SSDEEP

98304:LhCCevWQodtVPdig1QOu2AA8lbpHhB8sr3xeRPFSEeX6v8k4kxnDHYS2nwFJBAUU:d74A8lV/meXJ9eDHYS2nwFJVrk+M

Score

10^/10

blackmoon credential_access discovery stealer upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

61f86ffa3c979fcbe92708869f287e8ddafdf849b5c1e6a1ab4457c0671ebbbd.exe

Resource

win7-20240729-en

credential_access discovery stealer upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

61f86ffa3c979fcbe92708869f287e8ddafdf849b5c1e6a1ab4457c0671ebbbd.exe

Resource

win10v2004-20241007-en

credential_access discovery stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  61f86ffa3c979fcbe92708869f287e8ddafdf849b5c1e6a1ab4457c0671ebbbd
- Size
  
  7.8MB
- MD5
  
  a8552c7376b5bd5ebb98d0c2e8671e1a
- SHA1
  
  73902a9c6225b7933b5ffc4d5a2aca63aa424fde
- SHA256
  
  61f86ffa3c979fcbe92708869f287e8ddafdf849b5c1e6a1ab4457c0671ebbbd
- SHA512
  
  34688bab5fd32cf4e505cc79b7108bbd8ee6281c16417b1eda14a543f59561f2aef33bbdbafc69d5ccf556c6574b61bdb5db5cbe86b8f0646277b4f3dd286465
- SSDEEP
  
  98304:LhCCevWQodtVPdig1QOu2AA8lbpHhB8sr3xeRPFSEeX6v8k4kxnDHYS2nwFJBAUU:d74A8lV/meXJ9eDHYS2nwFJVrk+M
Score

8^/10

credential_access discovery stealer upx
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverystealerupx

behavioral2

credential_accessdiscoverystealerupx

© 2018-2025

Terms | Privacy