Overview

overview

10

Static

static

10

5f86b9f6d5...d9.exe

windows10-1703-x64

10

Analysis

  • max time kernel
    29s
  • max time network
    34s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    14-04-2023 21:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5f86b9f6d5430545dc239ebaeaa0378098bacec2b4051fc5258126b063f25bd9.exe

  • Size

    6.8MB

  • MD5

    6295e4e3a900339087d19d6d59b7faa9

  • SHA1

    44ad23e167c43d31b221d5c83a4555bc2a370ed1

  • SHA256

    5f86b9f6d5430545dc239ebaeaa0378098bacec2b4051fc5258126b063f25bd9

  • SHA512

    2e3859e8de4f835a1c824763a2d341ed982e7cfcfd83c800efb3b7aa2014cc898e377613d4aeba4e5f59527393b2c032c15f9d5fb85986c4296f014528bba021

  • SSDEEP

    98304:k4MS86jxmGBcum+JBAUZLWLjiB9OfPJBAUZLcF:nBNTJVrIJV

Score
10/10
blackmoonbankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 5 IoCs
  • Blocklisted process makes network request 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f86b9f6d5430545dc239ebaeaa0378098bacec2b4051fc5258126b063f25bd9.exe
    "C:\Users\Admin\AppData\Local\Temp\5f86b9f6d5430545dc239ebaeaa0378098bacec2b4051fc5258126b063f25bd9.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4024
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3428-121-0x0000000000400000-0x000000000074E000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3428-122-0x0000000000400000-0x000000000074E000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3428-123-0x0000000000400000-0x000000000074E000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3428-124-0x0000000000400000-0x000000000074E000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3428-128-0x0000000000400000-0x000000000074E000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3428-129-0x0000000010000000-0x00000000100CE000-memory.dmp

    Filesize

    824KB

    Download