Analysis
-
max time kernel
233s -
max time network
333s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
27-11-2022 02:53
General
-
Target
f4d6c3f6f2fc3484ffa1fe045cfcdc10ac31186df789d5f651e338ef6da2f928.exe
-
Size
9.7MB
-
MD5
817fb4f5c18a615a84025b43dcf07a95
-
SHA1
bc81c5d6705a7f833ef997ab701695919d3ff56b
-
SHA256
f4d6c3f6f2fc3484ffa1fe045cfcdc10ac31186df789d5f651e338ef6da2f928
-
SHA512
86716d5bf3b38f75b1e56549602510666ec5add747fa2e0c93f85f4e21f2bf7bd3c6b567804eaa5ac076f48f7d6dfa6228f72e259f73d1690cf48c9a2cbe18ec
-
SSDEEP
196608:T1RhQ6+skCXQqjA6Qaf+HpymE6YmqwjAJVEScv5pJYtD:1iyrXfMymnAsp
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 3 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
VMProtect packed file 5 IoCs
Detects executables packed with VMProtect commercial packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f4d6c3f6f2fc3484ffa1fe045cfcdc10ac31186df789d5f651e338ef6da2f928.exe"C:\Users\Admin\AppData\Local\Temp\f4d6c3f6f2fc3484ffa1fe045cfcdc10ac31186df789d5f651e338ef6da2f928.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/752-54-0x0000000075531000-0x0000000075533000-memory.dmpFilesize
8KB
-
memory/752-55-0x0000000000400000-0x0000000000E05000-memory.dmpFilesize
10.0MB
-
memory/752-56-0x0000000000400000-0x0000000000E05000-memory.dmpFilesize
10.0MB
-
memory/752-57-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-58-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-59-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-61-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-63-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-67-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-65-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-69-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-73-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-75-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-71-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-79-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-77-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-81-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-83-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-85-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-89-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-87-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-94-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-92-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-96-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-100-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-98-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/752-101-0x0000000002F60000-0x000000000312D000-memory.dmpFilesize
1.8MB
-
memory/752-103-0x0000000002F60000-0x000000000312D000-memory.dmpFilesize
1.8MB
-
memory/752-107-0x0000000002F60000-0x000000000312D000-memory.dmpFilesize
1.8MB
-
memory/752-108-0x0000000000400000-0x0000000000E05000-memory.dmpFilesize
10.0MB
-
memory/752-109-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB