blackmoon | e5c16ab45d74f4e8ee3dda3344a40295587e65d63a4d003c6fec0548d8b064f9 | Triage

Sharing

General

Target

e5c16ab45d74f4e8ee3dda3344a40295587e65d63a4d003c6fec0548d8b064f9
Size

2.7MB
Sample

241218-rhmn1sspgl
MD5

25518b5ad8bbaa14b44525352e7081c5
SHA1

86ccd7d3550d7d38a8eaf860afb75a7ff8615bdf
SHA256

e5c16ab45d74f4e8ee3dda3344a40295587e65d63a4d003c6fec0548d8b064f9
SHA512

e2df5063b8daf75fac69af3b070af8454880ec047aac15e5e0909e40ab9df4a5195fa179f2d6e208ccd76847b6a4959c6756b829f293ca9a52db12b21eccb30c
SSDEEP

49152:xh60XnN9WCWuwyAZasMOqGGY7OeTnRoGYuM5waryAlGCCQv/gGHbfYuolxtIwxiN:xw03NoCrwdYsH7nnRnYuSw5AICB/THbR

Score

10^/10

blackmoon banker discovery trojan upx

Malware Config

Targets

- Target
  
  采集/DY评论采集.exe
- Size
  
  180KB
- MD5
  
  1726eddc5659441e0b564bd4fdb971c9
- SHA1
  
  282948743d0df2211dedd894cecede76b15a58f7
- SHA256
  
  f402e390cd1ffd25923337fbaaf26f23014dabeffddd76a0112ffd534d44698b
- SHA512
  
  ddb7994909949d38cec447b0813150b3767573a341f94c5bb9f6faa211e2ac99b7be5bc6339745229e512e9b34e67d221def932f77610b87b2519db4c4f56aa6
- SSDEEP
  
  3072:HMt2hXu9HoKZoSUPPxyRiz5PHkz2dLlCN+leNFgOv0JB3fDe0V80i6k2:gj9HBUxvI2dLlCQlkDvo7G0i6
Score

10^/10

blackmoon banker discovery trojan upx
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  采集/EThread.fne
- Size
  
  60KB
- MD5
  
  206396257b97bd275a90ce6c2c0c37fd
- SHA1
  
  3cae4506a033cf7e97156d5261f2a247c6270f42
- SHA256
  
  64eef86745d7ae0168fec357099e2e952ce74ee19576d06cc8c8c65f210cc22c
- SHA512
  
  4c23e52b5b23b305c3172e01dd205e15fda8f20f8b60776ba59d080bf05bbbca456a0ed232f2e2a2bf01d32efb913063f89fb4928bc4d5d1c1eb4c4979803455
- SSDEEP
  
  768:r3gWNW3gyVNWTmOPMJcyS6K7viaViB9V5yHQ6Fq4oCaJa2OJK:TXkSTmOP0Cbu2BboCaKJK
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  采集/dp1.fne
- Size
  
  128KB
- MD5
  
  07201b1fd5f8925dd49a4556ac3b5bab
- SHA1
  
  a76afbb44376912f823f2b461507c28d2585a96c
- SHA256
  
  abebbb0981d3d51eb63abcfa68be98da0cae4e6e3b143dd431fc845d1457dbd2
- SHA512
  
  0cf673ce1b6cad38f0211231e876f00f6a8397a5f3e71680046f4a216bbe0f47f4541e5f5b49364310e41a04cce14703459725c3d9f052f9da13624e73753e12
- SSDEEP
  
  1536:tiDSn+hfeTpCwAncpZ6Z8HTiQjl1sYiKG3oe/:UDTReTgwAcp9lqKG3o
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  采集/eAPI.fne
- Size
  
  308KB
- MD5
  
  7c1ff88991f5eafab82b1beaefc33a42
- SHA1
  
  5ea338434c4c070aaf4e4e3952b4b08b551267bc
- SHA256
  
  53483523c316ad8c022c2b07a5cabfff3339bc5cb5e4ac24c3260eea4f4d9731
- SHA512
  
  310c90c82b545160420375c940b4d6176400e977f74048bfe2e0d0784bc167b361dc7aac149b8379f6e24050a253f321a6606295414ea9b68a563d59d0d17a48
- SSDEEP
  
  6144:yE+ULyjYsLavN8JFhOyccPT8oV2wQfRayWjG:yoWRVXUyhIoIwQ4VG
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  采集/eCalc.fne
- Size
  
  160KB
- MD5
  
  ed9a4290edfd23edc5f4a0cb3707a807
- SHA1
  
  6fe2d59a5cbbe2ec901ae0bbcd119363808c71ce
- SHA256
  
  1a5aad6e076c406977d650321fcb6672ba78c88fdd84f1240315a9cf5e221712
- SHA512
  
  92912faca6be1e072fb6200fffe871dd968d723db6125c48e9d5b11bd83beb9a6b0ff4a9f44ba68deef058bdec891673def895c5e7ccf71bc0204b1d50d6ef44
- SSDEEP
  
  3072:mVbBgc1wuy/KEQ3HtdYhHEsgoEMlceZYTUr:ga9uyChddYJ9fr
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  采集/iext.fnr
- Size
  
  204KB
- MD5
  
  856495a1605bfc7f62086d482b502c6f
- SHA1
  
  86ecc67a784bc69157d664850d489aab64f5f912
- SHA256
  
  8c8254cb49f7287b97c7f952c81edabc9f11f3fa3f02f265e67d5741998cf0bf
- SHA512
  
  35a6e580cd362c64f1e1f9c3439660bd980ec437bd8cabbdc49479ceb833cd8cb6c82d2fb747516d5cfcf2af0ba540bc01640171fbe3b4d0e0a3eeeaa69dd1d9
- SSDEEP
  
  3072:qOs+pOZXaFAO0shQe9lkvelFv76OD5KoUThiL5t3gIn:C+0cB+vebJ6iLTF
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  采集/internet.fne
- Size
  
  188KB
- MD5
  
  7b129c5916896c845752f93b9635fc4c
- SHA1
  
  e3fc632af5e1f36e8022e651f64eb8f8381c73c3
- SHA256
  
  adc45970f4a0eafd2f372302f64836802380c253096a99ca964677a70a7128f8
- SHA512
  
  c72dd4043e7cdc0ccefe26ce8a6d05701b4c610f88ab827e6731296da76b8cbe5b63c0970954ec7616369172b8b8f9cb546545271be3e86c18c54d0b9cad8f95
- SSDEEP
  
  3072:mpTEys+TR7yRoHzXjlhvtcxVIThpEbbAKNXoqlSY9M02MF8:mpTEt+ycLHlCIThpEX9+XM
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  采集/krnln.fnr
- Size
  
  1.2MB
- MD5
  
  301768e001d4db20f9a029ee835150f3
- SHA1
  
  7b10cb57e513687c8a89f180c2b3eb8aaace620e
- SHA256
  
  3e0651844de3362ab64883fe80a04757080ebc9167e665a7cfeebd741a0b193a
- SHA512
  
  ab9342585a56ed4075c5df0c7d38a0dc546c9f1bd821c70fd215b0923856c805ed00d54400e43fe9bd3ca49c63c68578a78152e2a397a6d32cf1b242c97c6f71
- SSDEEP
  
  24576:qFxo3Z+LtP6Xntt7TxpoyDvzsD5/83SoC9mByPM4Bi:f2P6/PoyLz7g5Bi
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  采集/libstl.fne
- Size
  
  2.6MB
- MD5
  
  01137a1360448ad861a6ccb83a777831
- SHA1
  
  25e028de99168235de30e14b6d559218906a7c24
- SHA256
  
  d1b8898fc5777ba26fe2a132df849613372ad509922070cdce368c51fe828610
- SHA512
  
  b69c431b6822ab81987502e042554848de8fe849185cad6feaf671097426e2f6d452d8bb3172f017d1dc1853c6cebb50eaec843daf141c9ef7d07a4d18f1d53f
- SSDEEP
  
  49152:vlYL8gckP0lSh4ue41iVyvnqr5Ex9NJ0+RgPnj6yfYO7XAWJmeeu:dYjVP0lzc1iVqnqdg9NJtmPZAW8l
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  采集/mp3.run
- Size
  
  200KB
- MD5
  
  aa877ef4d7d30b733c275c8d9b5a5588
- SHA1
  
  2cc6e2b8cadbbb5c6b204322c66f8301a10e95a4
- SHA256
  
  d2d991a129a2d37c8c5f3df7a593328450c34608ef036697fc800115120e6c60
- SHA512
  
  4fa2e3fe83d078de2be728a29ee893e8f412754deb6da5aa6b9d67c1954dc3f0e3781cf907c2e0901b5972dfb2df30268f94f0951b90662ddc5cae5b0a77e8eb
- SSDEEP
  
  3072:h6v8jLv8KI4t3oVP3O/7MR7R2kNbBi3t9fxVxoiAzBSu7StwHQxIJxo2FoSvijVx:a8242A/7MR7R2kNbBi3aiAOtwHaIJxo
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  采集/spec.fne
- Size
  
  72KB
- MD5
  
  bd6eef5ea9a52a412a8f57490d8bd8e4
- SHA1
  
  ab61ad7f66c5f6dfb8d28eba1833591469951870
- SHA256
  
  0c9e6eb8648f4bf5c585d5344035e91c3249bb9686a302503b4681b7ba828dc0
- SHA512
  
  1c43e50270eed071c8ef35e1c4695a93b9f98e668d4aebb44eb3b620efd2624b381554d2daf2d017f764b485e060abd589216043adea19eac94028ce66cc2025
- SSDEEP
  
  768:zFYJh2NrjSv4ol1WAHcTtEWC9Vm0yws7oP8NiB9EhyTWV/h2nokCqytGSgtvag/:zrrev4olRHcTtD0y7o0YUKokC7Idp
Score

3^/10

discovery
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojanupx

behavioral2

blackmoonbankerdiscoverytrojanupx

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22