General

  • Target

    425f015232a22e4449925637e16ef612995d44cad31d4884f2d2d64c6c610a71

  • Size

    15.6MB

  • Sample

    241124-qbkqeaxkhl

  • MD5

    b236016daf53914cf3b8ab92cc7a2d26

  • SHA1

    bc8af2e3abd60733d93fee32bd53df355c7d24d9

  • SHA256

    425f015232a22e4449925637e16ef612995d44cad31d4884f2d2d64c6c610a71

  • SHA512

    60cbc75e6314519ccc862764bacf3fa3b0f9b4781198f63222b494321787796356cd94336a9c64f48a4de9e31e41d2e7959e310c52dcf3ca0c9bb6008233fdee

  • SSDEEP

    393216:dN94EyVLJ2ucvfBr28mlgKsgv5fqn6N/VbxLA8Mt:dn4Ea2zvJKwDU/VLAXt

Malware Config

Targets

    • Target

      cs2(解压我出来)/2.辅助.exe

    • Size

      12.4MB

    • MD5

      b53755b010c15f27f80bec7142571418

    • SHA1

      1fe811cd9e1a85ee80ac1c86b069720eabdee5aa

    • SHA256

      a140c911d441740e4f86893f5ec8f540ef068835c07469f15fb42cd0777b06ca

    • SHA512

      74ec5e99e3372e1d62b5443605ca18b50e7697e1b22e893167532c81b929ff8ff4d2e66fd94474acfaf41354755904242c85fae92e293ae54643ad98abfaaf50

    • SSDEEP

      196608:gEMMbJeJIC/znXw+zMgWTN/pPd/iwY1fotpsAnjFvBxYu2Zkd4id+piKocDLi9yg:gPM2LwSapPd/ICu8h5GuGat+n2

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Target

      cs2(解压我出来)/5.清理运行痕迹.bat

    • Size

      1KB

    • MD5

      8237ad23a32cc4ccbcc5209bf17d13d8

    • SHA1

      5bfcc2f6dad8da5ccfd5c734cecbebb89d5aa2c0

    • SHA256

      0d55963f57d63c797e4f4c554cb1ddf43c05b057b6fa0d5fc2b3025c348f6a39

    • SHA512

      4dfd7a56b1e4203cac6d5cf62935c469d2430f0fd6c43d91c332e94928831d832ff1c355c0879c802cae0fe4efb642f4bf9748e97a518f32fb692c8a16649508

    • Score

      7/10

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Target

      cs2(解压我出来)/数据执行保护.lnk

    • Size

      2KB

    • MD5

      343ac8d31616622a594aed6bd5c5777d

    • SHA1

      e280645eb60704e63d06afc1521945a03650110a

    • SHA256

      fc01a1f8692a09e2f9a2b19dfdb6dbe403a2a15090e5879a2a310f9dbc1338f7

    • SHA512

      ba77e48dcf749c0f8d22e7f9519b5070b86bbe5bdba9e288eec0314f25b4c4748ab1cd841c5c5f96fad18ee8810fb748d22fea86f36e35e4100fcfaf97cfefe3

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks