Overview

overview

10

Static

static

212b81f584...81.exe

windows7-x64

10

212b81f584...81.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    41s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2022, 01:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    212b81f5849fbeea6efc18032eb66c37bd194cc0f09c1621d13e5a9bd4067481.exe

  • Size

    364KB

  • MD5

    0857f51f79e9550beee832515dc3cdd0

  • SHA1

    3365a05f2bb53b174077156e2286d54081e89c1e

  • SHA256

    212b81f5849fbeea6efc18032eb66c37bd194cc0f09c1621d13e5a9bd4067481

  • SHA512

    c2ddfb5fb3c3a20beb56ee5db241d81df505a45a840c77690a0531293a0dc0464bed8011a308df9968b08bbf59c3a172cbf2623eff5dd5f78fe69568d986401d

  • SSDEEP

    6144:iLOJLJQTwFy4u+TXvNDh4GWIqCimU4a8giVNCCE1oy8NGAyVn8S5XpG/28ehlA0w:7JNFy4bDvNl4GWIh3UZ8JrCC8oyPrl8R

Score
10/10
blackmoonbankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\212b81f5849fbeea6efc18032eb66c37bd194cc0f09c1621d13e5a9bd4067481.exe
    "C:\Users\Admin\AppData\Local\Temp\212b81f5849fbeea6efc18032eb66c37bd194cc0f09c1621d13e5a9bd4067481.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1768

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1768-54-0x0000000075931000-0x0000000075933000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1768-55-0x0000000000400000-0x0000000000565000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1768-57-0x0000000000400000-0x0000000000565000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1768-58-0x0000000000400000-0x0000000000565000-memory.dmp

          Filesize

          1.4MB

          Download