Overview

overview

10

Static

static

7

龙神5....M2.dll

windows7-x64

7

龙神5....M2.dll

windows10-2004-x64

7

龙神5....KY.dll

windows7-x64

10

龙神5....KY.dll

windows10-2004-x64

10

龙神5....13.exe

windows7-x64

5

龙神5....13.exe

windows10-2004-x64

5

龙神5....��.url

windows7-x64

1

龙神5....��.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    93827acad3e7a19ef2ffa0d49a270474_JaffaCakes118

  • Size

    2.2MB

  • Sample

    241124-j688xsxpbp

  • MD5

    93827acad3e7a19ef2ffa0d49a270474

  • SHA1

    edf3dcdd3d0b997c094ee250083db0d3a6d8ca35

  • SHA256

    b7cbf65667ecb8abde3b7953fc24056ef9cfdf70cbf9b680d5a602904a6d46e6

  • SHA512

    4ca6921f74216765d436e190c30e59d86f51fd91bb5a0e3c6f1315e78e967f2f303d2e03f3e9a18e81154b7e5bf74aef9fa79cdf3b3927ca930cc5ed824a428f

  • SSDEEP

    49152:cs96nTjbMiEy82ZhxftTr4PIqiGMfsfsf7LLekZlxHkSZF:cs96TjbMiEr29tT0PQfBfzesxE8F

Score
10/10
blackmoonbankerdiscoverytrojanupxvmprotect

Malware Config

Targets

    • Target

      龙神5.16免费版/3KM2.dll

    • Size

      406KB

    • MD5

      f2f14accfe7045b558defc3646fbbf07

    • SHA1

      29c37d35e32382f61762555ef6dd76800f3d80e6

    • SHA256

      226ace4fa47149fac0800b0d1d86589793b65bdd759a42260d1517dc7fc694e7

    • SHA512

      1ad043c942afef5f253ba930aeb13d93f3a0810ff3ab2c9b005754764df8274094d8b7424f62842efbeece46e23962d9bb7bb52a47747e85f321c398a027d986

    • SSDEEP

      6144:8NuB3BoTGPrt6t6kfmyfipnivTQL40WQilqnoK0SRjEfHuifZdyERISFk:xBvPrOvyITU40WQQDS8HuiRFhG

    Score
    7/10
    discoveryvmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral1behavioral2

    • Target

      龙神5.16免费版/SKY.dll

    • Size

      733KB

    • MD5

      aa1d57ec487edb3d00281ecc8446e262

    • SHA1

      a6f2de04e6fe3cd325c285a3e9620473dc0ce5a8

    • SHA256

      23c2652bc50f2fcc75bccd85acd2d3001dedd8ad860101642f9d055474726ff6

    • SHA512

      3dcad1fb2c9e807aa2e6a493f103b210cbd89d9f22071b40fece991d8303fc7afbc89e83c9f24789840a7315e2e781078500abbc582eb95db0ee2d15dd841392

    • SSDEEP

      12288:3gi7mpVdet6O95j4ZSLIP6DJVNApOsldlmwhjouHHXZfraqftTQzk3wer:QImdaF/js+opOMmwdnJftT93z

    Score
    10/10
    blackmoonbankerdiscoverytrojanvmprotect

    • Blackmoon family

      blackmoon

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral3behavioral4

    • Target

      龙神5.16免费版/龍神辅助免费2013.exe

    • Size

      1.2MB

    • MD5

      0c86ba62696a66d888b175b3dbbb33d1

    • SHA1

      60e544b4b4e92abae676e74f792fca10fff93de0

    • SHA256

      415cd9908d298c5863ccef8b5caf2a50317b775a909c34681552815ca342f8b4

    • SHA512

      2415891cb29cf06019e48d6a33d818ac9a579ba2891bc7ec90c8a7bbc232a45e9304cf0f34980bf913890265caba9b714f84e65a6b119b8e5ba2cb235a506691

    • SSDEEP

      24576:N/4Pf7/27qSknPXduZiFfs5Pt71DjPpwVR37Wlrh/3Zk2205I:N/4P0qSQMZ8fsb71DUWZl3Zk2ba

    Score
    5/10
    discoveryupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral5behavioral6

    • Target

      龙神5.16免费版/龙神辅助官网.url

    • Size

      176B

    • MD5

      6b53791e0153110ae0efd036a4ada125

    • SHA1

      fbe6ea138b8fdbcd355fec055f65bdab0b263b81

    • SHA256

      cad5d2ff0a44210cae79ac9e2522cfd38f6e22db8e8fd734e3858d39181c718b

    • SHA512

      a0dc9ecc109d46b74b324bfa464956ca10b96c68244e2d060e1abd14b138083462bdf0c8ab562efa08cc93a581e9e3514e009c4315432fdfa8928ff9fd4f495a

    Score
    1/10
    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks