Overview

overview

10

Static

static

7

十彩0909...mp.exe

windows7-x64

7

十彩0909...mp.exe

windows10-2004-x64

7

十彩0909...��.url

windows7-x64

1

十彩0909...��.url

windows10-2004-x64

1

十彩0909...in.exe

windows7-x64

7

十彩0909...in.exe

windows10-2004-x64

7

十彩0909...��.exe

windows7-x64

3

十彩0909...��.exe

windows10-2004-x64

3

十彩0909...09.exe

windows7-x64

3

十彩0909...09.exe

windows10-2004-x64

3

十彩0909...09.exe

windows7-x64

10

十彩0909...09.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    93b3e84a47e660421ba8a943fdcf704e_JaffaCakes118

  • Size

    22.6MB

  • Sample

    241124-kzypaayqak

  • MD5

    93b3e84a47e660421ba8a943fdcf704e

  • SHA1

    414ac66916849095269e48f733344a551ffa2939

  • SHA256

    c896123aa5ab5f9d99e90e14b6ca824a8ad1a436eb6daa17078a023c3b6fcd71

  • SHA512

    ac58ff0aa70b7e1195895bdce56cc031bd83cee0d98dc7edeb405245e9a8731bd1d32d9f11752e6187c5b42909a5d0bc0364a169f5d7d4fd2a43dd4fb7b16e39

  • SSDEEP

    393216:BYXqzu2LR4kZUcUoy6vI6c3sgQjLsdygdC12ZvG68Qnwcun9CzhjATzvF2LBVEp:uXWpdrUoy6A6wbudWp49glEzd21VEp

Score
10/10
blackmoonbankerdiscoverytrojanupxvmprotect

Malware Config

Targets

    • Target

      十彩0909正式版/CD非凡登陆器处理器/十彩CD(非凡)处理器.vmp.exe

    • Size

      594KB

    • MD5

      d834ebd846044c6b9e88591a51106c37

    • SHA1

      b5b2b0b9ea296d31c1a2ada168b01f7e0c7bb204

    • SHA256

      b03ac3f05d7a04c262ab9101ea04e3787a21469e7a35d285c3b6328fe68f6132

    • SHA512

      7aa17d3d7235ed3dc3115d2620e4aa7855a2120c18ed44ea8075d1ded0201b9e7e83c32c8b7722ff81ed539715b6f692eadbd97300fe402cb13f94d792481a38

    • SSDEEP

      12288:rcAAKh/WSbeKiWHggPEMMh0L7AL2tys9ARIT4XEJpBfxtulA:Ifs/WS6MggX37Y2tyLo40fBfxtu

    Score
    7/10
    discoveryvmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral1behavioral2

    • Target

      十彩0909正式版/会员办理.url

    • Size

      183B

    • MD5

      9254d354fbbf33ba9ebe003a2bd42667

    • SHA1

      f65b3abb2dd965f19535bdba73d3d7f8840c0daa

    • SHA256

      5e7c0329492547ceeebfa9392b7bc67bedc18300e818dbd47b79fc5e3b7e7b16

    • SHA512

      776628c5ed9e7329dba3b0d4eb9281649b8048a9b7a2c476748b674b44d270060727ebf0d6aa5f03ceb30bac25b21aa26cd4ce0f5459a916e34f8650cd54f4f0

    Score
    1/10
    behavioral3behavioral4

    • Target

      十彩0909正式版/十彩DEE处理器/win.ini

    • Size

      620KB

    • MD5

      333305e01fa304de76be7d2cce45a189

    • SHA1

      598e4ec8c55aa13b03944c365d87d426137a0534

    • SHA256

      40e5d7f05a82640005fa257c470c2bf0f5063d911c878e536ae09c9f3473fc67

    • SHA512

      ec3366eb6a42d039dfcd50bfc891f4793b548b377b1937114a5ba3d67bc694c19754739a5e9c5f3bf6629ae1a85e30fb679b45942ab183556f73d9b7fb7f7daf

    • SSDEEP

      12288:Pch2doxlPGFrVN/xYYK21QV4Ps39oy6+F0zJFa7N0Pld+BLBp4N9rUxvyg9/:PBoAFBN/Gl22mLHT67ePE47Qvn9

    Score
    7/10
    discoveryvmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral5behavioral6

    • Target

      十彩0909正式版/十彩DEE处理器/十彩DEE处理器.exe

    • Size

      18KB

    • MD5

      ec68f38c812a5fa9181e736191210ccc

    • SHA1

      50c188edca20ec6a3fb156902e5220e301f95e9a

    • SHA256

      b88975bb57dec23adaddfaa08df58bb7470294ea60c10e0ae250e337088091ce

    • SHA512

      36a3fb16fff035107934579d1bf269eaeba702d98a21926108f2d9692059538f2e2dbe44d694c29ba5558ec0819b8aff4333dc66def4e41fd78c21934c463c1f

    • SSDEEP

      384:jHcVj/A04Cpb0l1IcdqfNCyR+vPLjhLO2CBjqSZ:jHcVj/A04Cilfd2NyPLeqW

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      十彩0909正式版/十彩Vip-0909.exe

    • Size

      9.9MB

    • MD5

      38dc1561f2dc0a3881ccd406479363a1

    • SHA1

      c890820de9148a5742cd415e943f2e7a61d1c056

    • SHA256

      a66a10ae27c74aa0960b68f92a0c8d76dc63fe08cf5637dc7ff119dc2bae403a

    • SHA512

      a5ecdaec4c7673865cb1a731f02264f60c5ed938266a3a83527a95a32bde9b63e4012757f0b11da842d7b8b44b0c631aecdc387e5eb6816a254ee90c816ff743

    • SSDEEP

      196608:REky+XOrki0MWT4jrQG4jywuqvtf2pt4jVWNR0dm73rYGa1RBAycRryo3YN1irx1:OJLIh7K456RaMrYGa145VPYN1irxviN6

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      十彩0909正式版/十彩Vip-0909.exe.bak

    • Size

      9.9MB

    • MD5

      62f81f8f10d6824546eccf2c0de1f10e

    • SHA1

      cda58f1fc63a00c2720b32988a475165e7ffb13b

    • SHA256

      7de80d3b2d8284b4b0557f8b70bc37c0a052b30f110a409662b153694d2a293e

    • SHA512

      9c0ca6beee9906dec423ce024ae12fa7ba6007cf6a5f7c7a5afb42afdb5be0abd93b1febe3d34a5d65cab741e61c31a528395f598956131bc1ed74b95bbbd691

    • SSDEEP

      196608:REky+XOrki0MWT4jrQG4jywuqvtf2pt4jVWNR0dm73rYGa1RBAycRryo3YN1irxU:OJLIh7K456RaMrYGa145VPYN1irxviNX

    Score
    10/10
    blackmoonbankerdiscoverytrojanupxvmprotect

    • Blackmoon family

      blackmoon

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks