blackmoon | 634249ce49bac5e04a5bab89e07aad52d70344f89a28dc3b71c0360a6c1e66ec

General

Target

634249ce49bac5e04a5bab89e07aad52d70344f89a28dc3b71c0360a6c1e66ec
Size

8.0MB
Sample

250120-g4tdksvrev
MD5

6a8af7271908fd98428c382f99689b7a
SHA1

021b49ea3e151e53fe689bebdc9d78d0a92f9c83
SHA256

634249ce49bac5e04a5bab89e07aad52d70344f89a28dc3b71c0360a6c1e66ec
SHA512

5b51ab03dd87aa0418c1899a6c3466eb4f68f5e2d10b15f37554f0e31317ba087160e44839649b4805c84b61b1ed52a4c4d279c35c6f6cc0804357c7e574c85b
SSDEEP

196608:6UgWi5QbfXGOPcebUvljJYJTag2HjNPsMr2x0R:6bQb/bPgvlmTypPd4S

Score

10^/10

Malware Config

Targets

- Target
  
  宇宙至尊白蛋[盾].exe
- Size
  
  8.0MB
- MD5
  
  22f555425d4404f03bcafd42fced07d4
- SHA1
  
  117ec5132e79d74bcdd4d14f5ec3ccd25ef385fb
- SHA256
  
  3a730d0a2c682aa968de451e20db416fdee2765f51c0beac31c125accec60c87
- SHA512
  
  5e3ee515bac2fde8dd8dce0627c40cadf556e25ede3eb07873bd40044fb82c42c852e9441b05b4f493835610d853e16b8cffae6de77e3e69826042d390fb910a
- SSDEEP
  
  196608:wyMc2B8tZlGwXas7efBtZYl1eSm3vtt8ivsZcN:wX8tXXX8fBghOVt/QU
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  cmd.exe
- Size
  
  944KB
- MD5
  
  a76c226baaef6352380bbcf17442f554
- SHA1
  
  163d718deec12af5a5764941377c8a59ffb93e84
- SHA256
  
  2418a667c78233cbd6cf0899cafe5aade8298e5ebde9cb2977da68258aa83125
- SHA512
  
  d6ee88480aeef06af49cfae8b9a6b7359979f59a155870ba80618238c240b797a7a183dadffb68d8ae78d08a8f1c97762847212605ab15368ff5df35c6b6996d
- SSDEEP
  
  24576:QjV3kOrOYJLMJ4MzwKCAyRrPCUeQo6py5yG93RdiyH:sV3kuOY9bu0Ay1PaxZlRdXH
Score

10^/10

chinese_generic_botnet botnet discovery persistence
- Chinese_generic_botnet family
  chinese_generic_botnet
- Generic Chinese Botnet
  A botnet originating from China which is currently unnamed publicly.
  botnet chinese_generic_botnet
- Chinese Botnet payload
  botnet
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  ׵[].exe
- Size
  
  9.1MB
- MD5
  
  c8250af6634fc8849b9f7ce2e551cd48
- SHA1
  
  82c2cd10b575a9117fc51556d3bd5ade091461ce
- SHA256
  
  06bc11cf49d62eb1c179fde516002e081593874fe13e88c58e13b6f5f18740c9
- SHA512
  
  1b0f9a964cab7ff4b362c5a5d79f69b94f41326582724bf2465598a512667f6b7639744131bb0dc06df0230e0a7f94090767c9591476d972e09ac0c542d4a610
- SSDEEP
  
  196608:N0JcDKlFBqZcPz5jGVARK8OSqY4i5KPa/hdHDRQIgLKN:CODKlFBqa99qs5x/jHDRQIG2
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral5 behavioral6