blackmoon | 932f8e8c2938e0d4e0f0fb281a977daef09e0b226579ff6fea60785b202e040d

General

Target

932f8e8c2938e0d4e0f0fb281a977daef09e0b226579ff6fea60785b202e040d
Size

144KB
Sample

241124-n6mr5sylbv
MD5

11b9855495b77a991db6e8728bc45f58
SHA1

9af6c0a5d31a9e83f794e8e65debca93582c138d
SHA256

932f8e8c2938e0d4e0f0fb281a977daef09e0b226579ff6fea60785b202e040d
SHA512

a3dfbb7d57b6c6348538f62c55ef09e60a9b6c89136189f3688f8b4a498e3aee9538876cb197b3e0587c3feb8394f5301468d8a1aa988122d7299664042a0077
SSDEEP

3072:S5VK0lTSG9xoC+CQpiU5M+U3mjfv2JxhGtB90N4wU:N0T9xB+CUQmjfvIxhGtBWNs

Score

10^/10

Malware Config

Targets

- Target
  
  932f8e8c2938e0d4e0f0fb281a977daef09e0b226579ff6fea60785b202e040d
- Size
  
  144KB
- MD5
  
  11b9855495b77a991db6e8728bc45f58
- SHA1
  
  9af6c0a5d31a9e83f794e8e65debca93582c138d
- SHA256
  
  932f8e8c2938e0d4e0f0fb281a977daef09e0b226579ff6fea60785b202e040d
- SHA512
  
  a3dfbb7d57b6c6348538f62c55ef09e60a9b6c89136189f3688f8b4a498e3aee9538876cb197b3e0587c3feb8394f5301468d8a1aa988122d7299664042a0077
- SSDEEP
  
  3072:S5VK0lTSG9xoC+CQpiU5M+U3mjfv2JxhGtB90N4wU:N0T9xB+CUQmjfvIxhGtBWNs
Score

10^/10

blackmoon gh0strat banker discovery rat trojan upx
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

1

T1046

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blackmoon family

Blackmoon, KrBanker

Detect Blackmoon payload

Gh0st RAT payload

Gh0strat

Gh0strat family

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Creates a large amount of network flows

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2