blackmoon | 64534ddc726bbe275a4c36423b8ad4fd3d9ffa43510ba1ed2a2324a4f51931dc

General

Target

64534ddc726bbe275a4c36423b8ad4fd3d9ffa43510ba1ed2a2324a4f51931dc.dll
Size

392KB
MD5

36959f6c0d0ec1c2530e44757835f85f
SHA1

62315ceee75c18046d8fdddb04a237fb53bb269c
SHA256

64534ddc726bbe275a4c36423b8ad4fd3d9ffa43510ba1ed2a2324a4f51931dc
SHA512

ae140fd617726fb4af386698be97258c3d795983660b50abc8a6bfe445c12582fd46c75a59606557ec1bfe598bf474cc2e37698dab1cb7ea5033d0f80ecfdb0c
SSDEEP

6144:+fxf2hROOYmRDLRR5rhZFQGrsUwF7vlPoSPeCaQYnKYhXoS:+fxf2hROSRDLR5nWFpPoSNKK2XoS

Score

10^/10

blackmoon banker trojan upx

Malware Config

Signatures

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1076-148-0x0000000010000000-0x0000000010062000-memory.dmp	family_blackmoon

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1076-142-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-143-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-144-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-146-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-148-0x0000000010000000-0x0000000010062000-memory.dmp	upx
behavioral2/memory/1076-150-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-152-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-154-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-156-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-158-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-160-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-162-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-164-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-166-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-168-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-170-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-172-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-174-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-176-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-178-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-180-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-182-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-184-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-186-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx
behavioral2/memory/1076-187-0x0000000000C20000-0x0000000000C5E000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

1076 rundll32.exe

pid	process
1076	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4156 wrote to memory of 1076	4156	rundll32.exe	rundll32.exe
PID 4156 wrote to memory of 1076	4156	rundll32.exe	rundll32.exe
PID 4156 wrote to memory of 1076	4156	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\64534ddc726bbe275a4c36423b8ad4fd3d9ffa43510ba1ed2a2324a4f51931dc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4156

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\64534ddc726bbe275a4c36423b8ad4fd3d9ffa43510ba1ed2a2324a4f51931dc.dll,#1
2⤵
- Suspicious use of SetWindowsHookEx
PID:1076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1076-142-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-143-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-144-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-146-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-148-0x0000000010000000-0x0000000010062000-memory.dmp

Filesize
392KB

Download
memory/1076-150-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-152-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-154-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-156-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-158-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-160-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-162-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-164-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-166-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-168-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-170-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-172-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-174-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-176-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-178-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-180-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-182-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-184-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-186-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download
memory/1076-187-0x0000000000C20000-0x0000000000C5E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads