blackmoon | 7c20f309c192690ac5ffaf2d35cf09f59ad372398071ad95b9e9a536d74ada1c

Analysis

max time kernel
151s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
29-05-2023 11:44

Target

7c20f309c192690ac5ffaf2d35cf09f59ad372398071ad95b9e9a536d74ada1c.exe
Size

809KB
MD5

20693f052b1302fe07a8a1020f7d562d
SHA1

28e652e1b9d4626e2d164ca814f1b26d106e29e2
SHA256

7c20f309c192690ac5ffaf2d35cf09f59ad372398071ad95b9e9a536d74ada1c
SHA512

ed3e238fff80ea8a195e21add585c7fd6c485a0a492a9869c31efb1535c1f294169c5f1ea068ca8b637cc91594899d5a8588eeb9cc8c391d61f2d678afc61c41
SSDEEP

12288:v8skPUmtugiI6UO7TnwFsR3OQ4+GkueUCgH:0/PULgm7LOsRBGkue

Score

10^/10

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 12 IoCs

resource	yara_rule
behavioral1/memory/1848-55-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral1/memory/1848-56-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral1/memory/1848-54-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral1/memory/1848-60-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral1/memory/1848-61-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral1/memory/1848-65-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral1/memory/1848-66-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral1/memory/1848-67-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral1/memory/1848-68-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral1/memory/1848-69-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral1/memory/1848-70-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral1/memory/1848-74-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1848	7c20f309c192690ac5ffaf2d35cf09f59ad372398071ad95b9e9a536d74ada1c.exe
1848	7c20f309c192690ac5ffaf2d35cf09f59ad372398071ad95b9e9a536d74ada1c.exe

C:\Users\Admin\AppData\Local\Temp\7c20f309c192690ac5ffaf2d35cf09f59ad372398071ad95b9e9a536d74ada1c.exe
"C:\Users\Admin\AppData\Local\Temp\7c20f309c192690ac5ffaf2d35cf09f59ad372398071ad95b9e9a536d74ada1c.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1848

memory/1848-55-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/1848-56-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/1848-54-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/1848-57-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download
memory/1848-60-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/1848-61-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/1848-65-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/1848-66-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/1848-67-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/1848-68-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/1848-69-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/1848-70-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/1848-74-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/1848-75-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download