blackmoon | 48a293f518c824fe4d4a29e38000de7664df3eb467db074d79d104a67693ae56

Analysis

max time kernel
11s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 00:39

Target

48a293f518c824fe4d4a29e38000de7664df3eb467db074d79d104a67693ae56.exe
Size

154KB
MD5

bf991543583d2d8664f0d958a6f3e4dd
SHA1

cf1fa4fd6f1858396e3f446fbb0f90418ecbbc79
SHA256

48a293f518c824fe4d4a29e38000de7664df3eb467db074d79d104a67693ae56
SHA512

8c2d6d8a6434d874e756859abc0a851aa6655d75b127af4932481e39d9f1d2717460f6651cc5820faf6b54a9259032abcc40dcb6788d31cd375305c4e9f19fab
SSDEEP

3072:p5IjJ0305245nqQMh9rfjWSEYGIBSKSwyY4fgIKFHPcoutK1v:paqkEKGXrfqOqwyY+noSK

Score

10^/10

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/968-55-0x0000000000400000-0x0000000000493000-memory.dmp	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/968-55-0x0000000000400000-0x0000000000493000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\48a293f518c824fe4d4a29e38000de7664df3eb467db074d79d104a67693ae56.exe
"C:\Users\Admin\AppData\Local\Temp\48a293f518c824fe4d4a29e38000de7664df3eb467db074d79d104a67693ae56.exe"
1⤵
PID:968

memory/968-54-0x0000000075351000-0x0000000075353000-memory.dmp

Filesize
8KB

Download
memory/968-55-0x0000000000400000-0x0000000000493000-memory.dmp

Filesize
588KB

Download