Overview

overview

10

Static

static

e5ebc0171e...bc.exe

windows7-x64

10

e5ebc0171e...bc.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    90s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2022, 21:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e5ebc0171e1cf018301bb9c27968de8ef5b2a1a6faada38eed6dfbd1cf5f98bc.exe

  • Size

    677KB

  • MD5

    8f0c7cacd1016042f760ece19508bac6

  • SHA1

    fbe83db20f803cf81cb470576d4edb9f53da269e

  • SHA256

    e5ebc0171e1cf018301bb9c27968de8ef5b2a1a6faada38eed6dfbd1cf5f98bc

  • SHA512

    ad3f132bce60da7a85a0cb7aa657f75afc05b4a56612b78ebf49cd2cee95936fdc891a7593c025577fbcbd5b88a94bcf57e9c4a5d01e57b5a8a0efe1410d93c6

  • SSDEEP

    12288:8t0k/tdtKC6dCNlmqVkYqSJ3hz0qKfb+Ag3WHcHn1xqH+vQfrFW+Lq:8CkjEJk5VkWJ3hzLKj5gxqH+vQfrFW+O

Score
10/10
blackmoonbankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 5 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e5ebc0171e1cf018301bb9c27968de8ef5b2a1a6faada38eed6dfbd1cf5f98bc.exe
    "C:\Users\Admin\AppData\Local\Temp\e5ebc0171e1cf018301bb9c27968de8ef5b2a1a6faada38eed6dfbd1cf5f98bc.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3564
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 904
      2⤵
      • Program crash
      PID:4260
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 3564 -ip 3564
    1⤵
      PID:1324

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/3564-132-0x0000000000400000-0x00000000005F5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3564-133-0x0000000000400000-0x00000000005F5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3564-134-0x0000000000400000-0x00000000005F5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3564-135-0x0000000000030000-0x0000000000033000-memory.dmp

            Filesize

            12KB

            Download

          • memory/3564-136-0x0000000000400000-0x00000000005F5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3564-137-0x0000000000400000-0x00000000005F5000-memory.dmp

            Filesize

            2.0MB

            Download