blackmoon | 7c20f309c192690ac5ffaf2d35cf09f59ad372398071ad95b9e9a536d74ada1c

Analysis

max time kernel
140s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2023 11:44

Target

7c20f309c192690ac5ffaf2d35cf09f59ad372398071ad95b9e9a536d74ada1c.exe
Size

809KB
MD5

20693f052b1302fe07a8a1020f7d562d
SHA1

28e652e1b9d4626e2d164ca814f1b26d106e29e2
SHA256

7c20f309c192690ac5ffaf2d35cf09f59ad372398071ad95b9e9a536d74ada1c
SHA512

ed3e238fff80ea8a195e21add585c7fd6c485a0a492a9869c31efb1535c1f294169c5f1ea068ca8b637cc91594899d5a8588eeb9cc8c391d61f2d678afc61c41
SSDEEP

12288:v8skPUmtugiI6UO7TnwFsR3OQ4+GkueUCgH:0/PULgm7LOsRBGkue

Score

10^/10

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 13 IoCs

resource	yara_rule
behavioral2/memory/2144-134-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral2/memory/2144-135-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral2/memory/2144-133-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral2/memory/2144-136-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral2/memory/2144-141-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral2/memory/2144-144-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral2/memory/2144-145-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral2/memory/2144-146-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral2/memory/2144-147-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral2/memory/2144-150-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral2/memory/2144-151-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral2/memory/2144-152-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon
behavioral2/memory/2144-153-0x0000000000400000-0x0000000000631000-memory.dmp	family_blackmoon

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2144	7c20f309c192690ac5ffaf2d35cf09f59ad372398071ad95b9e9a536d74ada1c.exe
2144	7c20f309c192690ac5ffaf2d35cf09f59ad372398071ad95b9e9a536d74ada1c.exe
2144	7c20f309c192690ac5ffaf2d35cf09f59ad372398071ad95b9e9a536d74ada1c.exe

C:\Users\Admin\AppData\Local\Temp\7c20f309c192690ac5ffaf2d35cf09f59ad372398071ad95b9e9a536d74ada1c.exe
"C:\Users\Admin\AppData\Local\Temp\7c20f309c192690ac5ffaf2d35cf09f59ad372398071ad95b9e9a536d74ada1c.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2144

memory/2144-134-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/2144-135-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/2144-133-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/2144-136-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/2144-137-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download
memory/2144-141-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/2144-144-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/2144-145-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/2144-146-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/2144-147-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/2144-150-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/2144-151-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/2144-152-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/2144-153-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download