blackmoon | 76d270f536bc267cdf7460b8dbe6c5e21380815b290b94c6cc9c520370ea18a4

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06-06-2023 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76d270f536bc267cdf7460b8dbe6c5e21380815b290b94c6cc9c520370ea18a4.exe
Size

1.7MB
MD5

8f6438420019c6eb7bb75666ab3de08a
SHA1

8bed9c65493e4848b45d0f82a06e7c6067a5fc43
SHA256

76d270f536bc267cdf7460b8dbe6c5e21380815b290b94c6cc9c520370ea18a4
SHA512

2ff56a7fff9364ad5405f6ae061d99435e41fd45b973c8013dab925761d068eef3ea292b7d3a54d13f6ff8b75e0b513d213fd66e2dca83735f9a87e0108275c0
SSDEEP

49152:qSFGHeEqlySQV9Ppke9SPoQGgrVrBF1lq7:qSsHqK9PCeK9Ggrd14

Score

10^/10

blackmoon banker trojan

Malware Config

Signatures

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 12 IoCs

Processes:

resource	yara_rule
behavioral2/memory/808-134-0x0000000000400000-0x0000000000832000-memory.dmp	family_blackmoon
behavioral2/memory/808-135-0x0000000000400000-0x0000000000832000-memory.dmp	family_blackmoon
behavioral2/memory/808-136-0x0000000000400000-0x0000000000832000-memory.dmp	family_blackmoon
behavioral2/memory/808-168-0x0000000000400000-0x0000000000832000-memory.dmp	family_blackmoon
behavioral2/memory/808-169-0x0000000000400000-0x0000000000832000-memory.dmp	family_blackmoon
behavioral2/memory/808-170-0x0000000000400000-0x0000000000832000-memory.dmp	family_blackmoon
behavioral2/memory/808-171-0x0000000000400000-0x0000000000832000-memory.dmp	family_blackmoon
behavioral2/memory/808-172-0x0000000000400000-0x0000000000832000-memory.dmp	family_blackmoon
behavioral2/memory/808-173-0x0000000000400000-0x0000000000832000-memory.dmp	family_blackmoon
behavioral2/memory/808-174-0x0000000000400000-0x0000000000832000-memory.dmp	family_blackmoon
behavioral2/memory/808-175-0x0000000000400000-0x0000000000832000-memory.dmp	family_blackmoon
behavioral2/memory/808-178-0x0000000000400000-0x0000000000832000-memory.dmp	family_blackmoon

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

76d270f536bc267cdf7460b8dbe6c5e21380815b290b94c6cc9c520370ea18a4.exe

pid	process
808	76d270f536bc267cdf7460b8dbe6c5e21380815b290b94c6cc9c520370ea18a4.exe
808	76d270f536bc267cdf7460b8dbe6c5e21380815b290b94c6cc9c520370ea18a4.exe
808	76d270f536bc267cdf7460b8dbe6c5e21380815b290b94c6cc9c520370ea18a4.exe
808	76d270f536bc267cdf7460b8dbe6c5e21380815b290b94c6cc9c520370ea18a4.exe

C:\Users\Admin\AppData\Local\Temp\76d270f536bc267cdf7460b8dbe6c5e21380815b290b94c6cc9c520370ea18a4.exe
"C:\Users\Admin\AppData\Local\Temp\76d270f536bc267cdf7460b8dbe6c5e21380815b290b94c6cc9c520370ea18a4.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BiJi
Filesize
78B

MD5
a6fee0ed10bc8c44b52ab3bff35e260b

SHA1
bb3628ac9eafd3f02945d45f91375ad6ecc90274

SHA256
e6a9b602e15e3769fa7f4382b13c8d198dcc204c259b4e044b52fc779d08a941

SHA512
d2c24ca311dcfd63cc9740e4cde088a5c3e293b8a4ddeba2244a06cbb559180f936360a82bd353e11038c586b02391f9ade7e3463450feafb5f6819f18e5858b

Download Submit
C:\Users\Admin\AppData\Local\Temp\BiJi
Filesize
111B

MD5
37af041fe710a227fd724c09c96cdf79

SHA1
0f6b00cf165dbb4bcf65bfe5104e52bed72a98cf

SHA256
3017f97e3f58cbc11043a43182391b37fd9931bc59def1d959073fde91888154

SHA512
dfb6ff53b7844652537b55f120def7bb6623d8c94fbaeaf5bc703c6ea03cab8de224dd9e55f274f7eb482abc6773c24c2a95b3c29b68403a82f042f91b0a8743

Download Submit
memory/808-169-0x0000000000400000-0x0000000000832000-memory.dmp

Filesize
4.2MB

Download
memory/808-170-0x0000000000400000-0x0000000000832000-memory.dmp

Filesize
4.2MB

Download
memory/808-137-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download
memory/808-135-0x0000000000400000-0x0000000000832000-memory.dmp

Filesize
4.2MB

Download
memory/808-134-0x0000000000400000-0x0000000000832000-memory.dmp

Filesize
4.2MB

Download
memory/808-168-0x0000000000400000-0x0000000000832000-memory.dmp

Filesize
4.2MB

Download
memory/808-133-0x0000000000400000-0x0000000000832000-memory.dmp

Filesize
4.2MB

Download
memory/808-136-0x0000000000400000-0x0000000000832000-memory.dmp

Filesize
4.2MB

Download
memory/808-171-0x0000000000400000-0x0000000000832000-memory.dmp

Filesize
4.2MB

Download
memory/808-172-0x0000000000400000-0x0000000000832000-memory.dmp

Filesize
4.2MB

Download
memory/808-173-0x0000000000400000-0x0000000000832000-memory.dmp

Filesize
4.2MB

Download
memory/808-174-0x0000000000400000-0x0000000000832000-memory.dmp

Filesize
4.2MB

Download
memory/808-175-0x0000000000400000-0x0000000000832000-memory.dmp

Filesize
4.2MB

Download
memory/808-178-0x0000000000400000-0x0000000000832000-memory.dmp

Filesize
4.2MB

Download