blackmoon | 91fa268b81a58456c39e93b97edf93d337211e3f2e6f5c74b953f4cb6776aa27

Analysis

max time kernel
27s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11-06-2023 08:28

Target

04467999.exe
Size

146KB
MD5

c789a3a89d17ab41fa660c3f59f376d4
SHA1

eba0b3e7b3a76a23132cee507061f6987abe3137
SHA256

91fa268b81a58456c39e93b97edf93d337211e3f2e6f5c74b953f4cb6776aa27
SHA512

3aee37a638856e92b732ef923afa8ce4a7836555ba1f0159d9b23a8a72f2809bf3aad73f412d00b162403c5cfd0e75e4ee33b6eb4079aa0eefc83aa595e143c8
SSDEEP

3072:SNsrb3QnnOxoxYGYn8C4zIB2eBH6CaucLD1kkQIpEH5xsXFHzZpbWjRBLFk/Pout:qsX3QnM8CDwgDcLxQI+ZxkHzf2RB2/PZ

Score

10^/10

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1724-55-0x0000000000400000-0x00000000004A5000-memory.dmp	family_blackmoon
behavioral1/memory/1724-56-0x0000000000400000-0x00000000004A5000-memory.dmp	family_blackmoon

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/1724-55-0x0000000000400000-0x00000000004A5000-memory.dmp	upx
behavioral1/memory/1724-56-0x0000000000400000-0x00000000004A5000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

Processes:

04467999.exe

description ioc process

File created C:\Windows\gzip.dll 04467999.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

04467999.exe

description pid process

Token: SeDebugPrivilege 1724 04467999.exe
Token: SeDebugPrivilege 1724 04467999.exe

description	ioc	process
File created	C:\Windows\gzip.dll	04467999.exe

description	pid	process
Token: SeDebugPrivilege	1724	04467999.exe
Token: SeDebugPrivilege	1724	04467999.exe

memory/1724-55-0x0000000000400000-0x00000000004A5000-memory.dmp

Filesize
660KB

Download
memory/1724-56-0x0000000000400000-0x00000000004A5000-memory.dmp

Filesize
660KB

Download