Analysis
-
max time kernel
30s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
14-06-2023 16:23
General
-
Target
3KCat.exe
-
Size
17.3MB
-
MD5
55323cf67f21e349e4a8d33a246d3013
-
SHA1
a6d261dc9ae5dc9c90f194dd811a5a50ff50a3c2
-
SHA256
54c11d75fde269791ac564306003248678b1c6a1dcac494cd431500885d91846
-
SHA512
10a86032165a00843f7cbae4b2614529cfc8105124a1f2a63de5f733db460b7a5138ac92bcd357d011f95207099debde2ce5e5e93917e5c8a52bf935868405ef
-
SSDEEP
393216:JiN5ETRbZ+elNsQiasvvLNOmYg3r3d51AyzmkiF8q5EXK:JiN5ETblOhasvvLNfpbN5aYgiucK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 2 IoCs
-
UPX packed file 7 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3KCat.exe"C:\Users\Admin\AppData\Local\Temp\3KCat.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/892-54-0x0000000010000000-0x0000000010019000-memory.dmpFilesize
100KB
-
memory/892-56-0x0000000010000000-0x0000000010019000-memory.dmpFilesize
100KB
-
memory/892-69-0x00000000033C0000-0x00000000033E6000-memory.dmpFilesize
152KB
-
memory/892-68-0x00000000033C0000-0x00000000033E6000-memory.dmpFilesize
152KB
-
memory/892-70-0x00000000033F0000-0x0000000003414000-memory.dmpFilesize
144KB
-
memory/892-71-0x00000000033F0000-0x0000000003414000-memory.dmpFilesize
144KB
-
memory/892-72-0x0000000010000000-0x0000000010019000-memory.dmpFilesize
100KB